@bonfida/spl-name-service 3.0.19 → 3.0.21
- package/README.md +2 -2
- package/dist/cjs/bindings/burnDomain.js.map +1 -1
- package/dist/cjs/bindings/createNameRegistry.js.map +1 -1
- package/dist/cjs/bindings/createRecordInstruction.js.map +1 -1
- package/dist/cjs/bindings/createRecordV2Instruction.js.map +1 -1
- package/dist/cjs/bindings/createReverseName.js.map +1 -1
- package/dist/cjs/bindings/createSolRecordInstruction.js.map +1 -1
- package/dist/cjs/bindings/createSubdomain.js.map +1 -1
- package/dist/cjs/bindings/deleteNameRegistry.js.map +1 -1
- package/dist/cjs/bindings/deleteRecordV2.js.map +1 -1
- package/dist/cjs/bindings/ethValidateRecordV2Content.js.map +1 -1
- package/dist/cjs/bindings/registerDomainName.js +1 -1
- package/dist/cjs/bindings/registerDomainName.js.map +1 -1
- package/dist/cjs/bindings/registerDomainNameV2.js +1 -1
- package/dist/cjs/bindings/registerDomainNameV2.js.map +1 -1
- package/dist/cjs/bindings/registerFavorite.js.map +1 -1
- package/dist/cjs/bindings/registerWithNft.js.map +1 -1
- package/dist/cjs/bindings/transferNameOwnership.js.map +1 -1
- package/dist/cjs/bindings/transferSubdomain.js.map +1 -1
- package/dist/cjs/bindings/updateNameRegistryData.js.map +1 -1
- package/dist/cjs/bindings/updateRecordInstruction.js.map +1 -1
- package/dist/cjs/bindings/updateRecordV2Instruction.js.map +1 -1
- package/dist/cjs/bindings/updateSolRecordInstruction.js.map +1 -1
- package/dist/cjs/bindings/validateRecordV2Content.js.map +1 -1
- package/dist/cjs/bindings/writRoaRecordV2.js.map +1 -1
- package/dist/cjs/custom-bg.js.map +1 -1
- package/dist/cjs/deprecated/utils.js +1 -1
- package/dist/cjs/deprecated/utils.js.map +1 -1
- package/dist/cjs/devnet.js +1 -1
- package/dist/cjs/devnet.js.map +1 -1
- package/dist/cjs/error.js.map +1 -1
- package/dist/cjs/favorite-domain.js +1 -1
- package/dist/cjs/favorite-domain.js.map +1 -1
- package/dist/cjs/index.d.ts +1 -1
- package/dist/cjs/index.js +1 -1
- package/dist/cjs/instructions/burnInstruction.js.map +1 -1
- package/dist/cjs/instructions/createInstruction.js.map +1 -1
- package/dist/cjs/instructions/createInstructionV3.js.map +1 -1
- package/dist/cjs/instructions/createReverseInstruction.js.map +1 -1
- package/dist/cjs/instructions/createSplitV2Instruction.js.map +1 -1
- package/dist/cjs/instructions/createV2Instruction.js.map +1 -1
- package/dist/cjs/instructions/createWithNftInstruction.js.map +1 -1
- package/dist/cjs/instructions/reallocInstruction.js.map +1 -1
- package/dist/cjs/instructions/registerFavoriteInstruction.js.map +1 -1
- package/dist/cjs/instructions/transferInstruction.js.map +1 -1
- package/dist/cjs/instructions/updateInstruction.js.map +1 -1
- package/dist/cjs/int.js.map +1 -1
- package/dist/cjs/nft/getDomainMint.js.map +1 -1
- package/dist/cjs/nft/getRecordFromMint.js.map +1 -1
- package/dist/cjs/nft/retrieveNftOwner.js.map +1 -1
- package/dist/cjs/nft/retrieveNftOwnerV2.js.map +1 -1
- package/dist/cjs/nft/retrieveNfts.js +1 -1
- package/dist/cjs/nft/retrieveNfts.js.map +1 -1
- package/dist/cjs/nft/retrieveRecords.js +1 -1
- package/dist/cjs/nft/retrieveRecords.js.map +1 -1
- package/dist/cjs/nft/state.js.map +1 -1
- package/dist/cjs/node_modules/@bonfida/sns-records/dist/index.js +1 -1
- package/dist/cjs/node_modules/@noble/curves/esm/abstract/curve.js +2 -2
- package/dist/cjs/node_modules/@noble/curves/esm/abstract/curve.js.map +1 -1
- package/dist/cjs/node_modules/@noble/curves/esm/abstract/edwards.js +2 -2
- package/dist/cjs/node_modules/@noble/curves/esm/abstract/edwards.js.map +1 -1
- package/dist/cjs/node_modules/@noble/curves/esm/abstract/modular.js +2 -2
- package/dist/cjs/node_modules/@noble/curves/esm/abstract/modular.js.map +1 -1
- package/dist/cjs/node_modules/@noble/curves/esm/ed25519.js +2 -2
- package/dist/cjs/node_modules/@noble/curves/esm/ed25519.js.map +1 -1
- package/dist/cjs/node_modules/@noble/curves/esm/utils.js +3 -0
- package/dist/cjs/node_modules/@noble/curves/esm/utils.js.map +1 -0
- package/dist/cjs/node_modules/@noble/hashes/esm/_md.js +1 -1
- package/dist/cjs/node_modules/@noble/hashes/esm/_md.js.map +1 -1
- package/dist/cjs/node_modules/@noble/hashes/esm/sha2.js +1 -1
- package/dist/cjs/node_modules/@noble/hashes/esm/sha2.js.map +1 -1
- package/dist/cjs/node_modules/@noble/hashes/esm/utils.js +2 -2
- package/dist/cjs/node_modules/@noble/hashes/esm/utils.js.map +1 -1
- package/dist/cjs/node_modules/@scure/base/lib/esm/index.js +1 -1
- package/dist/cjs/node_modules/@scure/base/lib/esm/index.js.map +1 -1
- package/dist/cjs/node_modules/@solana/spl-token/lib/esm/extensions/accountType.js.map +1 -1
- package/dist/cjs/node_modules/@solana/spl-token/lib/esm/state/account.js.map +1 -1
- package/dist/cjs/node_modules/@solana/spl-token/lib/esm/state/mint.js.map +1 -1
- package/dist/cjs/node_modules/@solana/spl-token/lib/esm/state/multisig.js.map +1 -1
- package/dist/cjs/node_modules/base64-js/index.js +1 -1
- package/dist/cjs/node_modules/base64-js/index.js.map +1 -1
- package/dist/cjs/node_modules/borsh/lib/esm/buffer.js.map +1 -1
- package/dist/cjs/node_modules/borsh/lib/esm/deserialize.js +1 -1
- package/dist/cjs/node_modules/borsh/lib/esm/deserialize.js.map +1 -1
- package/dist/cjs/node_modules/borsh/lib/esm/index.js.map +1 -1
- package/dist/cjs/node_modules/borsh/lib/esm/serialize.js.map +1 -1
- package/dist/cjs/node_modules/borsh/lib/esm/utils.js.map +1 -1
- package/dist/cjs/node_modules/bs58/index.js.map +1 -1
- package/dist/cjs/node_modules/bs58/node_modules/base-x/src/index.js.map +1 -1
- package/dist/cjs/node_modules/buffer/index.js +1 -1
- package/dist/cjs/node_modules/buffer/index.js.map +1 -1
- package/dist/cjs/node_modules/graphemesplit/index.js.map +1 -1
- package/dist/cjs/node_modules/ieee754/index.js.map +1 -1
- package/dist/cjs/node_modules/ipaddr.js/lib/ipaddr.js +1 -1
- package/dist/cjs/node_modules/ipaddr.js/lib/ipaddr.js.map +1 -1
- package/dist/cjs/node_modules/js-base64/base64.js +1 -1
- package/dist/cjs/node_modules/js-base64/base64.js.map +1 -1
- package/dist/cjs/node_modules/punycode/punycode.es6.js +1 -1
- package/dist/cjs/node_modules/punycode/punycode.es6.js.map +1 -1
- package/dist/cjs/node_modules/tiny-inflate/index.js.map +1 -1
- package/dist/cjs/node_modules/unicode-trie/index.js.map +1 -1
- package/dist/cjs/node_modules/unicode-trie/swap.js.map +1 -1
- package/dist/cjs/record/deserializeRecord.js +1 -1
- package/dist/cjs/record/deserializeRecord.js.map +1 -1
- package/dist/cjs/record/getRecord.js.map +1 -1
- package/dist/cjs/record/getRecordKeySync.js.map +1 -1
- package/dist/cjs/record/getRecords.js +1 -1
- package/dist/cjs/record/getRecords.js.map +1 -1
- package/dist/cjs/record/helpers/getSolRecord.js.map +1 -1
- package/dist/cjs/record/serializeRecord.js.map +1 -1
- package/dist/cjs/record/serializeSolRecord.js.map +1 -1
- package/dist/cjs/record_v2/const.d.ts +1 -0
- package/dist/cjs/record_v2/const.js +1 -1
- package/dist/cjs/record_v2/const.js.map +1 -1
- package/dist/cjs/record_v2/deserializeRecordV2Content.js.map +1 -1
- package/dist/cjs/record_v2/getMultipleRecordsV2.d.ts +16 -5
- package/dist/cjs/record_v2/getMultipleRecordsV2.js +1 -1
- package/dist/cjs/record_v2/getMultipleRecordsV2.js.map +1 -1
- package/dist/cjs/record_v2/getRecordV2.d.ts +16 -8
- package/dist/cjs/record_v2/getRecordV2.js +1 -1
- package/dist/cjs/record_v2/getRecordV2.js.map +1 -1
- package/dist/cjs/record_v2/getRecordV2Key.js.map +1 -1
- package/dist/cjs/record_v2/serializeRecordV2Content.js.map +1 -1
- package/dist/cjs/record_v2/verifyRightOfAssociation.js.map +1 -1
- package/dist/cjs/record_v2/{utils.js → verifyStaleness.js} +1 -1
- package/dist/cjs/record_v2/verifyStaleness.js.map +1 -0
- package/dist/cjs/resolve/resolve.js +1 -1
- package/dist/cjs/resolve/resolve.js.map +1 -1
- package/dist/cjs/resolve/resolveSolRecordV1.js.map +1 -1
- package/dist/cjs/resolve/resolveSolRecordV2.js.map +1 -1
- package/dist/cjs/state.js +1 -1
- package/dist/cjs/state.js.map +1 -1
- package/dist/cjs/twitter/ReverseTwitterRegistryState.js.map +1 -1
- package/dist/cjs/twitter/changeTwitterRegistryData.js.map +1 -1
- package/dist/cjs/twitter/changeVerifiedPubkey.js.map +1 -1
- package/dist/cjs/twitter/createReverseTwitterRegistry.js.map +1 -1
- package/dist/cjs/twitter/createVerifiedTwitterRegistry.js.map +1 -1
- package/dist/cjs/twitter/deleteTwitterRegistry.js.map +1 -1
- package/dist/cjs/twitter/getHandleAndRegistryKey.js.map +1 -1
- package/dist/cjs/twitter/getTwitterHandleandRegistryKeyViaFilters.js.map +1 -1
- package/dist/cjs/twitter/getTwitterRegistry.js.map +1 -1
- package/dist/cjs/twitter/getTwitterRegistryData.js.map +1 -1
- package/dist/cjs/twitter/getTwitterRegistryKey.js.map +1 -1
- package/dist/cjs/types/custom-bg.js.map +1 -1
- package/dist/cjs/types/record.d.ts +2 -1
- package/dist/cjs/types/record.js +1 -1
- package/dist/cjs/types/record.js.map +1 -1
- package/dist/cjs/utils/findSubdomains.js +1 -1
- package/dist/cjs/utils/findSubdomains.js.map +1 -1
- package/dist/cjs/utils/getAllDomains.js +1 -1
- package/dist/cjs/utils/getAllDomains.js.map +1 -1
- package/dist/cjs/utils/getAllRegisteredDomains.js.map +1 -1
- package/dist/cjs/utils/getDomainKeySync.js.map +1 -1
- package/dist/cjs/utils/getDomainKeysWithReverses.js +1 -1
- package/dist/cjs/utils/getDomainKeysWithReverses.js.map +1 -1
- package/dist/cjs/utils/getDomainPriceFromName.js.map +1 -1
- package/dist/cjs/utils/getHashedNameSync.js.map +1 -1
- package/dist/cjs/utils/getNameAccountKeySync.js.map +1 -1
- package/dist/cjs/utils/getPythFeedAccountKey.js.map +1 -1
- package/dist/cjs/utils/getReverseKeyFromDomainKey.js.map +1 -1
- package/dist/cjs/utils/getReverseKeySync.js.map +1 -1
- package/dist/cjs/utils/getTokenizedDomains.js +1 -1
- package/dist/cjs/utils/getTokenizedDomains.js.map +1 -1
- package/dist/cjs/utils/reverseLookup.js.map +1 -1
- package/dist/cjs/utils/reverseLookupBatch.js +1 -1
- package/dist/cjs/utils/reverseLookupBatch.js.map +1 -1
- package/dist/esm/bindings/burnDomain.js.map +1 -1
- package/dist/esm/bindings/createNameRegistry.js.map +1 -1
- package/dist/esm/bindings/createRecordInstruction.js.map +1 -1
- package/dist/esm/bindings/createRecordV2Instruction.js.map +1 -1
- package/dist/esm/bindings/createReverseName.js.map +1 -1
- package/dist/esm/bindings/createSolRecordInstruction.js.map +1 -1
- package/dist/esm/bindings/createSubdomain.js.map +1 -1
- package/dist/esm/bindings/deleteRecordV2.js.map +1 -1
- package/dist/esm/bindings/ethValidateRecordV2Content.js.map +1 -1
- package/dist/esm/bindings/registerDomainName.js +1 -1
- package/dist/esm/bindings/registerDomainName.js.map +1 -1
- package/dist/esm/bindings/registerDomainNameV2.js +1 -1
- package/dist/esm/bindings/registerDomainNameV2.js.map +1 -1
- package/dist/esm/bindings/registerFavorite.js.map +1 -1
- package/dist/esm/bindings/registerWithNft.js.map +1 -1
- package/dist/esm/bindings/transferSubdomain.js.map +1 -1
- package/dist/esm/bindings/updateRecordInstruction.js.map +1 -1
- package/dist/esm/bindings/updateRecordV2Instruction.js.map +1 -1
- package/dist/esm/bindings/updateSolRecordInstruction.js.map +1 -1
- package/dist/esm/bindings/validateRecordV2Content.js.map +1 -1
- package/dist/esm/bindings/writRoaRecordV2.js.map +1 -1
- package/dist/esm/custom-bg.js +1 -1
- package/dist/esm/custom-bg.js.map +1 -1
- package/dist/esm/deprecated/utils.js +1 -1
- package/dist/esm/deprecated/utils.js.map +1 -1
- package/dist/esm/devnet.js +1 -1
- package/dist/esm/devnet.js.map +1 -1
- package/dist/esm/error.js.map +1 -1
- package/dist/esm/favorite-domain.js +1 -1
- package/dist/esm/favorite-domain.js.map +1 -1
- package/dist/esm/index.d.ts +1 -1
- package/dist/esm/index.js +1 -1
- package/dist/esm/instructions/burnInstruction.js.map +1 -1
- package/dist/esm/instructions/createInstruction.js.map +1 -1
- package/dist/esm/instructions/createInstructionV3.js.map +1 -1
- package/dist/esm/instructions/createReverseInstruction.js.map +1 -1
- package/dist/esm/instructions/createSplitV2Instruction.js.map +1 -1
- package/dist/esm/instructions/createV2Instruction.js.map +1 -1
- package/dist/esm/instructions/createWithNftInstruction.js.map +1 -1
- package/dist/esm/instructions/reallocInstruction.js.map +1 -1
- package/dist/esm/instructions/registerFavoriteInstruction.js.map +1 -1
- package/dist/esm/instructions/transferInstruction.js.map +1 -1
- package/dist/esm/instructions/updateInstruction.js.map +1 -1
- package/dist/esm/int.js.map +1 -1
- package/dist/esm/nft/getDomainMint.js.map +1 -1
- package/dist/esm/nft/getRecordFromMint.js.map +1 -1
- package/dist/esm/nft/retrieveNftOwner.js.map +1 -1
- package/dist/esm/nft/retrieveNftOwnerV2.js.map +1 -1
- package/dist/esm/nft/retrieveNfts.js +1 -1
- package/dist/esm/nft/retrieveNfts.js.map +1 -1
- package/dist/esm/nft/retrieveRecords.js +1 -1
- package/dist/esm/nft/retrieveRecords.js.map +1 -1
- package/dist/esm/nft/state.js.map +1 -1
- package/dist/esm/node_modules/@bonfida/sns-records/dist/index.js +1 -1
- package/dist/esm/node_modules/@noble/curves/esm/abstract/curve.js +2 -2
- package/dist/esm/node_modules/@noble/curves/esm/abstract/curve.js.map +1 -1
- package/dist/esm/node_modules/@noble/curves/esm/abstract/edwards.js +2 -2
- package/dist/esm/node_modules/@noble/curves/esm/abstract/edwards.js.map +1 -1
- package/dist/esm/node_modules/@noble/curves/esm/abstract/modular.js +2 -2
- package/dist/esm/node_modules/@noble/curves/esm/abstract/modular.js.map +1 -1
- package/dist/esm/node_modules/@noble/curves/esm/ed25519.js +2 -2
- package/dist/esm/node_modules/@noble/curves/esm/ed25519.js.map +1 -1
- package/dist/esm/node_modules/@noble/curves/esm/utils.js +3 -0
- package/dist/esm/node_modules/@noble/curves/esm/utils.js.map +1 -0
- package/dist/esm/node_modules/@noble/hashes/esm/_md.js +1 -1
- package/dist/esm/node_modules/@noble/hashes/esm/_md.js.map +1 -1
- package/dist/esm/node_modules/@noble/hashes/esm/_u64.js.map +1 -1
- package/dist/esm/node_modules/@noble/hashes/esm/sha2.js +1 -1
- package/dist/esm/node_modules/@noble/hashes/esm/sha2.js.map +1 -1
- package/dist/esm/node_modules/@noble/hashes/esm/utils.js +2 -2
- package/dist/esm/node_modules/@noble/hashes/esm/utils.js.map +1 -1
- package/dist/esm/node_modules/@scure/base/lib/esm/index.js +1 -1
- package/dist/esm/node_modules/@scure/base/lib/esm/index.js.map +1 -1
- package/dist/esm/node_modules/@solana/spl-token/lib/esm/extensions/accountType.js.map +1 -1
- package/dist/esm/node_modules/@solana/spl-token/lib/esm/state/account.js.map +1 -1
- package/dist/esm/node_modules/@solana/spl-token/lib/esm/state/mint.js.map +1 -1
- package/dist/esm/node_modules/base64-js/index.js +1 -1
- package/dist/esm/node_modules/base64-js/index.js.map +1 -1
- package/dist/esm/node_modules/borsh/lib/esm/buffer.js.map +1 -1
- package/dist/esm/node_modules/borsh/lib/esm/deserialize.js +1 -1
- package/dist/esm/node_modules/borsh/lib/esm/deserialize.js.map +1 -1
- package/dist/esm/node_modules/borsh/lib/esm/serialize.js.map +1 -1
- package/dist/esm/node_modules/borsh/lib/esm/utils.js.map +1 -1
- package/dist/esm/node_modules/bs58/node_modules/base-x/src/index.js.map +1 -1
- package/dist/esm/node_modules/buffer/index.js +1 -1
- package/dist/esm/node_modules/buffer/index.js.map +1 -1
- package/dist/esm/node_modules/graphemesplit/index.js +1 -1
- package/dist/esm/node_modules/graphemesplit/index.js.map +1 -1
- package/dist/esm/node_modules/ieee754/index.js.map +1 -1
- package/dist/esm/node_modules/ipaddr.js/lib/ipaddr.js +1 -1
- package/dist/esm/node_modules/ipaddr.js/lib/ipaddr.js.map +1 -1
- package/dist/esm/node_modules/js-base64/base64.js +1 -1
- package/dist/esm/node_modules/js-base64/base64.js.map +1 -1
- package/dist/esm/node_modules/punycode/punycode.es6.js +1 -1
- package/dist/esm/node_modules/punycode/punycode.es6.js.map +1 -1
- package/dist/esm/node_modules/tiny-inflate/index.js.map +1 -1
- package/dist/esm/node_modules/unicode-trie/index.js.map +1 -1
- package/dist/esm/node_modules/unicode-trie/swap.js.map +1 -1
- package/dist/esm/record/checkSolRecord.js.map +1 -1
- package/dist/esm/record/deserializeRecord.js +1 -1
- package/dist/esm/record/deserializeRecord.js.map +1 -1
- package/dist/esm/record/getRecordKeySync.js.map +1 -1
- package/dist/esm/record/getRecords.js +1 -1
- package/dist/esm/record/getRecords.js.map +1 -1
- package/dist/esm/record/serializeRecord.js.map +1 -1
- package/dist/esm/record/serializeSolRecord.js.map +1 -1
- package/dist/esm/record_v2/const.d.ts +1 -0
- package/dist/esm/record_v2/const.js +1 -1
- package/dist/esm/record_v2/const.js.map +1 -1
- package/dist/esm/record_v2/deserializeRecordV2Content.js.map +1 -1
- package/dist/esm/record_v2/getMultipleRecordsV2.d.ts +16 -5
- package/dist/esm/record_v2/getMultipleRecordsV2.js +1 -1
- package/dist/esm/record_v2/getMultipleRecordsV2.js.map +1 -1
- package/dist/esm/record_v2/getRecordV2.d.ts +16 -8
- package/dist/esm/record_v2/getRecordV2.js +1 -1
- package/dist/esm/record_v2/getRecordV2.js.map +1 -1
- package/dist/esm/record_v2/getRecordV2Key.js.map +1 -1
- package/dist/esm/record_v2/serializeRecordV2Content.js.map +1 -1
- package/dist/esm/record_v2/verifyRightOfAssociation.js.map +1 -1
- package/dist/esm/record_v2/{utils.js → verifyStaleness.js} +1 -1
- package/dist/esm/record_v2/verifyStaleness.js.map +1 -0
- package/dist/esm/resolve/resolve.js +1 -1
- package/dist/esm/resolve/resolve.js.map +1 -1
- package/dist/esm/resolve/resolveSolRecordV1.js.map +1 -1
- package/dist/esm/resolve/resolveSolRecordV2.js.map +1 -1
- package/dist/esm/state.js +1 -1
- package/dist/esm/state.js.map +1 -1
- package/dist/esm/twitter/ReverseTwitterRegistryState.js.map +1 -1
- package/dist/esm/twitter/changeVerifiedPubkey.js +1 -1
- package/dist/esm/twitter/createReverseTwitterRegistry.js +1 -1
- package/dist/esm/twitter/createVerifiedTwitterRegistry.js +1 -1
- package/dist/esm/twitter/getTwitterHandleandRegistryKeyViaFilters.js.map +1 -1
- package/dist/esm/types/custom-bg.js.map +1 -1
- package/dist/esm/types/record.d.ts +2 -1
- package/dist/esm/types/record.js +1 -1
- package/dist/esm/types/record.js.map +1 -1
- package/dist/esm/utils/findSubdomains.js +1 -1
- package/dist/esm/utils/findSubdomains.js.map +1 -1
- package/dist/esm/utils/getAllDomains.js +1 -1
- package/dist/esm/utils/getAllDomains.js.map +1 -1
- package/dist/esm/utils/getAllRegisteredDomains.js.map +1 -1
- package/dist/esm/utils/getDomainKeySync.js.map +1 -1
- package/dist/esm/utils/getDomainKeysWithReverses.js +1 -1
- package/dist/esm/utils/getDomainKeysWithReverses.js.map +1 -1
- package/dist/esm/utils/getDomainPriceFromName.js.map +1 -1
- package/dist/esm/utils/getHashedNameSync.js.map +1 -1
- package/dist/esm/utils/getNameAccountKeySync.js.map +1 -1
- package/dist/esm/utils/getPythFeedAccountKey.js.map +1 -1
- package/dist/esm/utils/getReverseKeyFromDomainKey.js.map +1 -1
- package/dist/esm/utils/getReverseKeySync.js.map +1 -1
- package/dist/esm/utils/getTokenizedDomains.js +1 -1
- package/dist/esm/utils/getTokenizedDomains.js.map +1 -1
- package/dist/esm/utils/reverseLookupBatch.js +1 -1
- package/dist/esm/utils/reverseLookupBatch.js.map +1 -1
- package/package.json +2 -2
- package/dist/cjs/node_modules/@noble/curves/esm/abstract/utils.js +0 -3
- package/dist/cjs/node_modules/@noble/curves/esm/abstract/utils.js.map +0 -1
- package/dist/cjs/record_v2/utils.js.map +0 -1
- package/dist/esm/node_modules/@noble/curves/esm/abstract/utils.js +0 -3
- package/dist/esm/node_modules/@noble/curves/esm/abstract/utils.js.map +0 -1
- package/dist/esm/record_v2/utils.js.map +0 -1
- /package/dist/cjs/record_v2/{utils.d.ts → verifyStaleness.d.ts} +0 -0
- /package/dist/esm/record_v2/{utils.d.ts → verifyStaleness.d.ts} +0 -0
|
@@ -1,2 +1,2 @@
|
|
|
1
|
-
import"../../../buffer/index.js";import{PublicKey as e,SystemProgram as t,TransactionInstruction as r}from"@solana/web3.js";import{__exports as i}from"../../../../_virtual/index.js";var n,s=["u8","u16","u32","u64","u128","i8","i16","i32","i64","i128","f32","f64"],o=function(){function e(){this.offset=0,this.buffer_size=256,this.buffer=new ArrayBuffer(this.buffer_size),this.view=new DataView(this.buffer)}return e.prototype.resize_if_necessary=function(e){if(this.buffer_size-this.offset<e){this.buffer_size=Math.max(2*this.buffer_size,this.buffer_size+e);var t=new ArrayBuffer(this.buffer_size);new Uint8Array(t).set(new Uint8Array(this.buffer)),this.buffer=t,this.view=new DataView(t)}},e.prototype.get_used_buffer=function(){return new Uint8Array(this.buffer).slice(0,this.offset)},e.prototype.store_value=function(e,t){var r=t.substring(1),i=parseInt(r)/8;this.resize_if_necessary(i);var n="f"===t[0]?"setFloat".concat(r):"i"===t[0]?"setInt".concat(r):"setUint".concat(r);this.view[n](this.offset,e,!0),this.offset+=i},e.prototype.store_bytes=function(e){this.resize_if_necessary(e.length),new Uint8Array(this.buffer).set(new Uint8Array(e),this.offset),this.offset+=e.length},e}(),a=function(){function e(e){this.offset=0,this.buffer_size=e.length,this.buffer=new ArrayBuffer(e.length),new Uint8Array(this.buffer).set(e),this.view=new DataView(this.buffer)}return e.prototype.assert_enough_buffer=function(e){if(this.offset+e>this.buffer.byteLength)throw new Error("Error in schema, the buffer is smaller than expected")},e.prototype.consume_value=function(e){var t=e.substring(1),r=parseInt(t)/8;this.assert_enough_buffer(r);var i="f"===e[0]?"getFloat".concat(t):"i"===e[0]?"getInt".concat(t):"getUint".concat(t),n=this.view[i](this.offset,!0);return this.offset+=r,n},e.prototype.consume_bytes=function(e){this.assert_enough_buffer(e);var t=this.buffer.slice(this.offset,this.offset+e);return this.offset+=e,t},e}(),u=(n=function(e,t){return n=Object.setPrototypeOf||{__proto__:[]}instanceof 
Array&&function(e,t){e.__proto__=t}||function(e,t){for(var r in t)Object.prototype.hasOwnProperty.call(t,r)&&(e[r]=t[r])},n(e,t)},function(e,t){if("function"!=typeof t&&null!==t)throw new TypeError("Class extends value "+String(t)+" is not a constructor or null");function r(){this.constructor=e}n(e,t),e.prototype=null===t?Object.create(t):(r.prototype=t.prototype,new r)});function c(e,t,r){if(typeof e!==t)throw new Error("Expected ".concat(t," not ").concat(typeof e,"(").concat(e,") at ").concat(r.join(".")))}function h(e,t,r){if(e!==t)throw new Error("Array length ".concat(e," does not match schema length ").concat(t," at ").concat(r.join(".")))}var f=s.concat(["bool","string"]),d=["option","enum","array","set","map","struct"],l=function(e){function t(t,r){var i="Invalid schema: ".concat(JSON.stringify(t)," expected ").concat(r);return e.call(this,i)||this}return u(t,e),t}(Error);function p(e){if("string"!=typeof e||!f.includes(e)){if(e&&"object"==typeof e){var t=Object.keys(e);if(1===t.length&&d.includes(t[0])){var r=t[0];if("option"===r)return p(e[r]);if("enum"===r)return function(e){if(!Array.isArray(e))throw new l(e,"Array");for(var t=0,r=e;t<r.length;t++){var i=r[t];if("object"!=typeof i||!("struct"in i))throw new Error('Missing "struct" key in enum schema');if("object"!=typeof i.struct||1!==Object.keys(i.struct).length)throw new Error('The "struct" in each enum must have a single key');p({struct:i.struct})}}(e[r]);if("array"===r)return function(e){if("object"!=typeof e)throw new l(e,"{ type, len? }");if(e.len&&"number"!=typeof e.len)throw new Error("Invalid schema: ".concat(e));if("type"in e)return p(e.type);throw new l(e,"{ type, len? 
}")}(e[r]);if("set"===r)return p(e[r]);if("map"===r)return function(e){if("object"!=typeof e||!("key"in e)||!("value"in e))throw new l(e,"{ key, value }");p(e.key),p(e.value)}(e[r]);if("struct"===r)return function(e){if("object"!=typeof e)throw new l(e,"object");for(var t in e)p(e[t])}(e[r])}}throw new l(e,d.join(", ")+" or "+f.join(", "))}}var y=function(){function e(e){this.encoded=new o,this.fieldPath=["value"],this.checkTypes=e}return e.prototype.encode=function(e,t){return this.encode_value(e,t),this.encoded.get_used_buffer()},e.prototype.encode_value=function(e,t){if("string"==typeof t){if(s.includes(t))return this.encode_integer(e,t);if("string"===t)return this.encode_string(e);if("bool"===t)return this.encode_boolean(e)}if("object"==typeof t){if("option"in t)return this.encode_option(e,t);if("enum"in t)return this.encode_enum(e,t);if("array"in t)return this.encode_array(e,t);if("set"in t)return this.encode_set(e,t);if("map"in t)return this.encode_map(e,t);if("struct"in t)return this.encode_struct(e,t)}},e.prototype.encode_integer=function(e,t){var r=parseInt(t.substring(1));r<=32||"f64"==t?(this.checkTypes&&c(e,"number",this.fieldPath),this.encoded.store_value(e,t)):(this.checkTypes&&function(e,t){if(!(["number","string","bigint","boolean"].includes(typeof e)||"object"==typeof e&&null!==e&&"toString"in e))throw new Error("Expected bigint, number, boolean or string not ".concat(typeof e,"(").concat(e,") at ").concat(t.join(".")))}(e,this.fieldPath),this.encode_bigint(BigInt(e),r))},e.prototype.encode_bigint=function(e,t){for(var r=t/8,i=new Uint8Array(r),n=0;n<r;n++)i[n]=Number(e&BigInt(255)),e>>=BigInt(8);this.encoded.store_bytes(new Uint8Array(i))},e.prototype.encode_string=function(e){this.checkTypes&&c(e,"string",this.fieldPath);var t=e;this.encoded.store_value(t.length,"u32");for(var 
r=0;r<t.length;r++)this.encoded.store_value(t.charCodeAt(r),"u8")},e.prototype.encode_boolean=function(e){this.checkTypes&&c(e,"boolean",this.fieldPath),this.encoded.store_value(e?1:0,"u8")},e.prototype.encode_option=function(e,t){null==e?this.encoded.store_value(0,"u8"):(this.encoded.store_value(1,"u8"),this.encode_value(e,t.option))},e.prototype.encode_enum=function(e,t){this.checkTypes&&function(e,t){if("object"!=typeof e||null===e)throw new Error("Expected object not ".concat(typeof e,"(").concat(e,") at ").concat(t.join(".")))}(e,this.fieldPath);for(var r=Object.keys(e)[0],i=0;i<t.enum.length;i++){var n=t.enum[i];if(r===Object.keys(n.struct)[0])return this.encoded.store_value(i,"u8"),this.encode_struct(e,n)}throw new Error("Enum key (".concat(r,") not found in enum schema: ").concat(JSON.stringify(t)," at ").concat(this.fieldPath.join(".")))},e.prototype.encode_array=function(e,t){if(function(e){return Array.isArray(e)||!!e&&"object"==typeof e&&"length"in e&&"number"==typeof e.length&&(0===e.length||e.length>0&&e.length-1 in e)}(e))return this.encode_arraylike(e,t);if(e instanceof ArrayBuffer)return this.encode_buffer(e,t);throw new Error("Expected Array-like not ".concat(typeof e,"(").concat(e,") at ").concat(this.fieldPath.join(".")))},e.prototype.encode_arraylike=function(e,t){t.array.len?h(e.length,t.array.len,this.fieldPath):this.encoded.store_value(e.length,"u32");for(var r=0;r<e.length;r++)this.encode_value(e[r],t.array.type)},e.prototype.encode_buffer=function(e,t){t.array.len?h(e.byteLength,t.array.len,this.fieldPath):this.encoded.store_value(e.byteLength,"u32"),this.encoded.store_bytes(new Uint8Array(e))},e.prototype.encode_set=function(e,t){this.checkTypes&&c(e,"object",this.fieldPath);var r=e instanceof Set?Array.from(e.values()):Object.values(e);this.encoded.store_value(r.length,"u32");for(var i=0,n=r;i<n.length;i++){var s=n[i];this.encode_value(s,t.set)}},e.prototype.encode_map=function(e,t){this.checkTypes&&c(e,"object",this.fieldPath);var r=e 
instanceof Map,i=r?Array.from(e.keys()):Object.keys(e);this.encoded.store_value(i.length,"u32");for(var n=0,s=i;n<s.length;n++){var o=s[n];this.encode_value(o,t.map.key),this.encode_value(r?e.get(o):e[o],t.map.value)}},e.prototype.encode_struct=function(e,t){this.checkTypes&&c(e,"object",this.fieldPath);for(var r=0,i=Object.keys(t.struct);r<i.length;r++){var n=i[r];this.fieldPath.push(n),this.encode_value(e[n],t.struct[n]),this.fieldPath.pop()}},e}(),g=function(){function e(e){this.buffer=new a(e)}return e.prototype.decode=function(e){return this.decode_value(e)},e.prototype.decode_value=function(e){if("string"==typeof e){if(s.includes(e))return this.decode_integer(e);if("string"===e)return this.decode_string();if("bool"===e)return this.decode_boolean()}if("object"==typeof e){if("option"in e)return this.decode_option(e);if("enum"in e)return this.decode_enum(e);if("array"in e)return this.decode_array(e);if("set"in e)return this.decode_set(e);if("map"in e)return this.decode_map(e);if("struct"in e)return this.decode_struct(e)}throw new Error("Unsupported type: ".concat(e))},e.prototype.decode_integer=function(e){var t=parseInt(e.substring(1));return t<=32||"f64"==e?this.buffer.consume_value(e):this.decode_bigint(t,e.startsWith("i"))},e.prototype.decode_bigint=function(e,t){void 0===t&&(t=!1);var r=e/8,i=new Uint8Array(this.buffer.consume_bytes(r)),n=i.reduceRight((function(e,t){return e+t.toString(16).padStart(2,"0")}),"");return t&&i[r-1]?BigInt.asIntN(e,BigInt("0x".concat(n))):BigInt("0x".concat(n))},e.prototype.decode_string=function(){var e=this.decode_integer("u32"),t=new Uint8Array(this.buffer.consume_bytes(e));return String.fromCharCode.apply(null,t)},e.prototype.decode_boolean=function(){return this.buffer.consume_value("u8")>0},e.prototype.decode_option=function(e){var t=this.buffer.consume_value("u8");if(1===t)return this.decode_value(e.option);if(0!==t)throw new Error("Invalid option ".concat(t));return null},e.prototype.decode_enum=function(e){var 
t,r=this.buffer.consume_value("u8");if(r>e.enum.length)throw new Error("Enum option ".concat(r," is not available"));var i=e.enum[r].struct,n=Object.keys(i)[0];return(t={})[n]=this.decode_value(i[n]),t},e.prototype.decode_array=function(e){for(var t=[],r=e.array.len?e.array.len:this.decode_integer("u32"),i=0;i<r;++i)t.push(this.decode_value(e.array.type));return t},e.prototype.decode_set=function(e){for(var t=this.decode_integer("u32"),r=new Set,i=0;i<t;++i)r.add(this.decode_value(e.set));return r},e.prototype.decode_map=function(e){for(var t=this.decode_integer("u32"),r=new Map,i=0;i<t;++i){var n=this.decode_value(e.map.key),s=this.decode_value(e.map.value);r.set(n,s)}return r},e.prototype.decode_struct=function(e){var t={};for(var r in e.struct)t[r]=this.decode_value(e.struct[r]);return t},e}();function b(e,t,r){return void 0===r&&(r=!0),r&&p(e),new y(r).encode(t,e)}class _{constructor(e){this.tag=1,this.record=e.record,this.content=e.content}serialize(){return b(_.schema,this)}getInstruction(e,t,n,s,o,a,u,c){const h=i.Buffer.from(this.serialize());let f=[];return f.push({pubkey:t,isSigner:!1,isWritable:!1}),f.push({pubkey:n,isSigner:!1,isWritable:!1}),f.push({pubkey:s,isSigner:!0,isWritable:!0}),f.push({pubkey:o,isSigner:!1,isWritable:!0}),f.push({pubkey:a,isSigner:!1,isWritable:!0}),f.push({pubkey:u,isSigner:!0,isWritable:!0}),f.push({pubkey:c,isSigner:!1,isWritable:!1}),new r({keys:f,programId:e,data:h})}}_.schema={struct:{tag:"u8",record:"string",content:{array:{type:"u8"}}}};class v{constructor(e){this.tag=4,this.validation=e.validation,this.signature=e.signature,this.expectedPubkey=e.expectedPubkey}serialize(){return b(v.schema,this)}getInstruction(e,t,n,s,o,a,u,c){const h=i.Buffer.from(this.serialize());let f=[];return 
f.push({pubkey:t,isSigner:!1,isWritable:!1}),f.push({pubkey:n,isSigner:!1,isWritable:!1}),f.push({pubkey:s,isSigner:!0,isWritable:!0}),f.push({pubkey:o,isSigner:!1,isWritable:!0}),f.push({pubkey:a,isSigner:!1,isWritable:!0}),f.push({pubkey:u,isSigner:!0,isWritable:!0}),f.push({pubkey:c,isSigner:!1,isWritable:!1}),new r({keys:f,programId:e,data:h})}}v.schema={struct:{tag:"u8",validation:"u8",signature:{array:{type:"u8"}},expectedPubkey:{array:{type:"u8"}}}};class m{constructor(e){this.tag=3,this.staleness=e.staleness}serialize(){return b(m.schema,this)}getInstruction(e,t,n,s,o,a,u,c,h){const f=i.Buffer.from(this.serialize());let d=[];return d.push({pubkey:t,isSigner:!1,isWritable:!1}),d.push({pubkey:n,isSigner:!1,isWritable:!1}),d.push({pubkey:s,isSigner:!0,isWritable:!0}),d.push({pubkey:o,isSigner:!1,isWritable:!0}),d.push({pubkey:a,isSigner:!1,isWritable:!0}),d.push({pubkey:u,isSigner:!1,isWritable:!0}),d.push({pubkey:c,isSigner:!1,isWritable:!1}),d.push({pubkey:h,isSigner:!0,isWritable:!0}),new r({keys:d,programId:e,data:f})}}m.schema={struct:{tag:"u8",staleness:"bool"}};class w{constructor(e){this.tag=2,this.record=e.record,this.content=e.content}serialize(){return b(w.schema,this)}getInstruction(e,t,n,s,o,a,u,c){const h=i.Buffer.from(this.serialize());let f=[];return f.push({pubkey:t,isSigner:!1,isWritable:!1}),f.push({pubkey:n,isSigner:!1,isWritable:!1}),f.push({pubkey:s,isSigner:!0,isWritable:!0}),f.push({pubkey:o,isSigner:!1,isWritable:!0}),f.push({pubkey:a,isSigner:!1,isWritable:!0}),f.push({pubkey:u,isSigner:!0,isWritable:!0}),f.push({pubkey:c,isSigner:!1,isWritable:!1}),new r({keys:f,programId:e,data:h})}}w.schema={struct:{tag:"u8",record:"string",content:{array:{type:"u8"}}}};class k{constructor(){this.tag=5}serialize(){return b(k.schema,this)}getInstruction(e,t,n,s,o,a,u,c){const h=i.Buffer.from(this.serialize());let f=[];return 
f.push({pubkey:t,isSigner:!1,isWritable:!1}),f.push({pubkey:n,isSigner:!1,isWritable:!1}),f.push({pubkey:s,isSigner:!0,isWritable:!0}),f.push({pubkey:o,isSigner:!1,isWritable:!0}),f.push({pubkey:a,isSigner:!1,isWritable:!0}),f.push({pubkey:u,isSigner:!0,isWritable:!0}),f.push({pubkey:c,isSigner:!1,isWritable:!1}),new r({keys:f,programId:e,data:h})}}k.schema={struct:{tag:"u8"}};class S{constructor(e){this.tag=6,this.roaId=e.roaId}serialize(){return b(S.schema,this)}getInstruction(e,t,n,s,o,a,u,c){const h=i.Buffer.from(this.serialize());let f=[];return f.push({pubkey:t,isSigner:!1,isWritable:!1}),f.push({pubkey:n,isSigner:!1,isWritable:!1}),f.push({pubkey:s,isSigner:!0,isWritable:!0}),f.push({pubkey:o,isSigner:!1,isWritable:!0}),f.push({pubkey:a,isSigner:!1,isWritable:!0}),f.push({pubkey:u,isSigner:!0,isWritable:!0}),f.push({pubkey:c,isSigner:!1,isWritable:!1}),new r({keys:f,programId:e,data:h})}}S.schema={struct:{tag:"u8",roaId:{array:{type:"u8"}}}};const I=new e("HP3D4D1ZCmohQGFVms2SS4LCANgJyksBf5s1F77FuFjZ"),[A]=e.findProgramAddressSync([I.toBuffer()],I),W=(e,r,i,n,s,o,a,u)=>new _({record:o,content:Array.from(a)}).getInstruction(u,t.programId,s,e,r,i,n,A),j=(e,r,i,n,s,o)=>(new k).getInstruction(o,t.programId,s,e,n,r,i,A),E=(e,r,i,n,s,o,a,u)=>new w({record:o,content:Array.from(a)}).getInstruction(u,t.programId,s,e,r,i,n,A),z=(e,r,i,n,s,o,a,u,c)=>new v({validation:o,signature:Array.from(a),expectedPubkey:Array.from(u)}).getInstruction(c,t.programId,s,e,r,i,n,A),P=(e,r,i,n,s,o,a,u)=>new m({staleness:a}).getInstruction(u,t.programId,o,e,r,i,n,A,s),O=(e,r,i,n,s,o,a)=>new S({roaId:Array.from(o.toBuffer())}).getInstruction(a,t.programId,r,e,i,n,s,A);var B,R;(R=B||(B={}))[R.None=0]="None",R[R.Solana=1]="Solana",R[R.Ethereum=2]="Ethereum",R[R.UnverifiedSolana=3]="UnverifiedSolana";const x=e=>{switch(e){case B.None:return 0;case B.Ethereum:return 20;case B.Solana:case B.UnverifiedSolana:return 32;default:throw new Error("Invalid validation enum")}};class 
U{constructor(e){this.stalenessValidation=e.stalenessValidation,this.rightOfAssociationValidation=e.rightOfAssociationValidation,this.contentLength=e.contentLength}static deserialize(e){return new U((t=this.schema,r=e,void 0===(i=!0)&&(i=!0),i&&p(t),new g(r).decode(t)));var t,r,i}static async retrieve(e,t){const r=await e.getAccountInfo(t);if(!r||!r.data)throw new Error("Record header account not found");return this.deserialize(r.data.slice(96,96+this.LEN))}}U.LEN=8,U.schema={struct:{stalenessValidation:"u16",rightOfAssociationValidation:"u16",contentLength:"u32"}};class V{constructor(e,t){this.data=t,this.header=e}static deserialize(e){const t=U.deserialize(e.slice(96,96+U.LEN)),r=e.slice(96+U.LEN);return new V(t,r)}static async retrieve(e,t){const r=await e.getAccountInfo(t);if(!r||!r.data)throw new Error("Record header account not found");return this.deserialize(r.data)}static async retrieveBatch(e,t){return(await e.getMultipleAccountsInfo(t)).map((e=>{if(null==e?void 0:e.data)return this.deserialize(e.data)}))}getContent(){let e=x(this.header.stalenessValidation)+x(this.header.rightOfAssociationValidation);return this.data.slice(e)}getStalenessId(){let e=x(this.header.stalenessValidation);return this.data.slice(0,e)}getRoAId(){let e=x(this.header.stalenessValidation),t=e+x(this.header.rightOfAssociationValidation);return this.data.slice(e,t)}}export{A as CENTRAL_STATE_SNS_RECORDS,V as Record,U as RecordHeader,I as SNS_RECORDS_ID,B as Validation,W as allocateAndPostRecord,_ as allocateAndPostRecordInstruction,j as deleteRecord,k as deleteRecordInstruction,E as editRecord,w as editRecordInstruction,x as getValidationLength,z as validateEthSignature,v as validateEthereumSignatureInstruction,P as validateSolanaSignature,m as validateSolanaSignatureInstruction,O as writeRoa,S as writeRoaInstruction};
|
|
1
|
+
import"../../../buffer/index.js";import{SystemProgram as e,PublicKey as t,TransactionInstruction as r}from"@solana/web3.js";import{__exports as i}from"../../../../_virtual/index.js";var n,s=["u8","u16","u32","u64","u128","i8","i16","i32","i64","i128","f32","f64"],o=function(){function e(){this.offset=0,this.buffer_size=256,this.buffer=new ArrayBuffer(this.buffer_size),this.view=new DataView(this.buffer)}return e.prototype.resize_if_necessary=function(e){if(this.buffer_size-this.offset<e){this.buffer_size=Math.max(2*this.buffer_size,this.buffer_size+e);var t=new ArrayBuffer(this.buffer_size);new Uint8Array(t).set(new Uint8Array(this.buffer)),this.buffer=t,this.view=new DataView(t)}},e.prototype.get_used_buffer=function(){return new Uint8Array(this.buffer).slice(0,this.offset)},e.prototype.store_value=function(e,t){var r=t.substring(1),i=parseInt(r)/8;this.resize_if_necessary(i);var n="f"===t[0]?"setFloat".concat(r):"i"===t[0]?"setInt".concat(r):"setUint".concat(r);this.view[n](this.offset,e,!0),this.offset+=i},e.prototype.store_bytes=function(e){this.resize_if_necessary(e.length),new Uint8Array(this.buffer).set(new Uint8Array(e),this.offset),this.offset+=e.length},e}(),a=function(){function e(e){this.offset=0,this.buffer_size=e.length,this.buffer=new ArrayBuffer(e.length),new Uint8Array(this.buffer).set(e),this.view=new DataView(this.buffer)}return e.prototype.assert_enough_buffer=function(e){if(this.offset+e>this.buffer.byteLength)throw new Error("Error in schema, the buffer is smaller than expected")},e.prototype.consume_value=function(e){var t=e.substring(1),r=parseInt(t)/8;this.assert_enough_buffer(r);var i="f"===e[0]?"getFloat".concat(t):"i"===e[0]?"getInt".concat(t):"getUint".concat(t),n=this.view[i](this.offset,!0);return this.offset+=r,n},e.prototype.consume_bytes=function(e){this.assert_enough_buffer(e);var t=this.buffer.slice(this.offset,this.offset+e);return this.offset+=e,t},e}(),u=(n=function(e,t){return n=Object.setPrototypeOf||{__proto__:[]}instanceof 
Array&&function(e,t){e.__proto__=t}||function(e,t){for(var r in t)Object.prototype.hasOwnProperty.call(t,r)&&(e[r]=t[r])},n(e,t)},function(e,t){if("function"!=typeof t&&null!==t)throw new TypeError("Class extends value "+String(t)+" is not a constructor or null");function r(){this.constructor=e}n(e,t),e.prototype=null===t?Object.create(t):(r.prototype=t.prototype,new r)});function c(e,t,r){if(typeof e!==t)throw new Error("Expected ".concat(t," not ").concat(typeof e,"(").concat(e,") at ").concat(r.join(".")))}function h(e,t,r){if(e!==t)throw new Error("Array length ".concat(e," does not match schema length ").concat(t," at ").concat(r.join(".")))}var f=s.concat(["bool","string"]),d=["option","enum","array","set","map","struct"],l=function(e){function t(t,r){var i="Invalid schema: ".concat(JSON.stringify(t)," expected ").concat(r);return e.call(this,i)||this}return u(t,e),t}(Error);function p(e){if("string"!=typeof e||!f.includes(e)){if(e&&"object"==typeof e){var t=Object.keys(e);if(1===t.length&&d.includes(t[0])){var r=t[0];if("option"===r)return p(e[r]);if("enum"===r)return function(e){if(!Array.isArray(e))throw new l(e,"Array");for(var t=0,r=e;t<r.length;t++){var i=r[t];if("object"!=typeof i||!("struct"in i))throw new Error('Missing "struct" key in enum schema');if("object"!=typeof i.struct||1!==Object.keys(i.struct).length)throw new Error('The "struct" in each enum must have a single key');p({struct:i.struct})}}(e[r]);if("array"===r)return function(e){if("object"!=typeof e)throw new l(e,"{ type, len? }");if(e.len&&"number"!=typeof e.len)throw new Error("Invalid schema: ".concat(e));if("type"in e)return p(e.type);throw new l(e,"{ type, len? 
}")}(e[r]);if("set"===r)return p(e[r]);if("map"===r)return function(e){if("object"!=typeof e||!("key"in e)||!("value"in e))throw new l(e,"{ key, value }");p(e.key),p(e.value)}(e[r]);if("struct"===r)return function(e){if("object"!=typeof e)throw new l(e,"object");for(var t in e)p(e[t])}(e[r])}}throw new l(e,d.join(", ")+" or "+f.join(", "))}}var y=function(){function e(e){this.encoded=new o,this.fieldPath=["value"],this.checkTypes=e}return e.prototype.encode=function(e,t){return this.encode_value(e,t),this.encoded.get_used_buffer()},e.prototype.encode_value=function(e,t){if("string"==typeof t){if(s.includes(t))return this.encode_integer(e,t);if("string"===t)return this.encode_string(e);if("bool"===t)return this.encode_boolean(e)}if("object"==typeof t){if("option"in t)return this.encode_option(e,t);if("enum"in t)return this.encode_enum(e,t);if("array"in t)return this.encode_array(e,t);if("set"in t)return this.encode_set(e,t);if("map"in t)return this.encode_map(e,t);if("struct"in t)return this.encode_struct(e,t)}},e.prototype.encode_integer=function(e,t){var r=parseInt(t.substring(1));r<=32||"f64"==t?(this.checkTypes&&c(e,"number",this.fieldPath),this.encoded.store_value(e,t)):(this.checkTypes&&function(e,t){if(!(["number","string","bigint","boolean"].includes(typeof e)||"object"==typeof e&&null!==e&&"toString"in e))throw new Error("Expected bigint, number, boolean or string not ".concat(typeof e,"(").concat(e,") at ").concat(t.join(".")))}(e,this.fieldPath),this.encode_bigint(BigInt(e),r))},e.prototype.encode_bigint=function(e,t){for(var r=t/8,i=new Uint8Array(r),n=0;n<r;n++)i[n]=Number(e&BigInt(255)),e>>=BigInt(8);this.encoded.store_bytes(new Uint8Array(i))},e.prototype.encode_string=function(e){this.checkTypes&&c(e,"string",this.fieldPath);var t=e;this.encoded.store_value(t.length,"u32");for(var 
r=0;r<t.length;r++)this.encoded.store_value(t.charCodeAt(r),"u8")},e.prototype.encode_boolean=function(e){this.checkTypes&&c(e,"boolean",this.fieldPath),this.encoded.store_value(e?1:0,"u8")},e.prototype.encode_option=function(e,t){null==e?this.encoded.store_value(0,"u8"):(this.encoded.store_value(1,"u8"),this.encode_value(e,t.option))},e.prototype.encode_enum=function(e,t){this.checkTypes&&function(e,t){if("object"!=typeof e||null===e)throw new Error("Expected object not ".concat(typeof e,"(").concat(e,") at ").concat(t.join(".")))}(e,this.fieldPath);for(var r=Object.keys(e)[0],i=0;i<t.enum.length;i++){var n=t.enum[i];if(r===Object.keys(n.struct)[0])return this.encoded.store_value(i,"u8"),this.encode_struct(e,n)}throw new Error("Enum key (".concat(r,") not found in enum schema: ").concat(JSON.stringify(t)," at ").concat(this.fieldPath.join(".")))},e.prototype.encode_array=function(e,t){if(function(e){return Array.isArray(e)||!!e&&"object"==typeof e&&"length"in e&&"number"==typeof e.length&&(0===e.length||e.length>0&&e.length-1 in e)}(e))return this.encode_arraylike(e,t);if(e instanceof ArrayBuffer)return this.encode_buffer(e,t);throw new Error("Expected Array-like not ".concat(typeof e,"(").concat(e,") at ").concat(this.fieldPath.join(".")))},e.prototype.encode_arraylike=function(e,t){t.array.len?h(e.length,t.array.len,this.fieldPath):this.encoded.store_value(e.length,"u32");for(var r=0;r<e.length;r++)this.encode_value(e[r],t.array.type)},e.prototype.encode_buffer=function(e,t){t.array.len?h(e.byteLength,t.array.len,this.fieldPath):this.encoded.store_value(e.byteLength,"u32"),this.encoded.store_bytes(new Uint8Array(e))},e.prototype.encode_set=function(e,t){this.checkTypes&&c(e,"object",this.fieldPath);var r=e instanceof Set?Array.from(e.values()):Object.values(e);this.encoded.store_value(r.length,"u32");for(var i=0,n=r;i<n.length;i++){var s=n[i];this.encode_value(s,t.set)}},e.prototype.encode_map=function(e,t){this.checkTypes&&c(e,"object",this.fieldPath);var r=e 
instanceof Map,i=r?Array.from(e.keys()):Object.keys(e);this.encoded.store_value(i.length,"u32");for(var n=0,s=i;n<s.length;n++){var o=s[n];this.encode_value(o,t.map.key),this.encode_value(r?e.get(o):e[o],t.map.value)}},e.prototype.encode_struct=function(e,t){this.checkTypes&&c(e,"object",this.fieldPath);for(var r=0,i=Object.keys(t.struct);r<i.length;r++){var n=i[r];this.fieldPath.push(n),this.encode_value(e[n],t.struct[n]),this.fieldPath.pop()}},e}(),g=function(){function e(e){this.buffer=new a(e)}return e.prototype.decode=function(e){return this.decode_value(e)},e.prototype.decode_value=function(e){if("string"==typeof e){if(s.includes(e))return this.decode_integer(e);if("string"===e)return this.decode_string();if("bool"===e)return this.decode_boolean()}if("object"==typeof e){if("option"in e)return this.decode_option(e);if("enum"in e)return this.decode_enum(e);if("array"in e)return this.decode_array(e);if("set"in e)return this.decode_set(e);if("map"in e)return this.decode_map(e);if("struct"in e)return this.decode_struct(e)}throw new Error("Unsupported type: ".concat(e))},e.prototype.decode_integer=function(e){var t=parseInt(e.substring(1));return t<=32||"f64"==e?this.buffer.consume_value(e):this.decode_bigint(t,e.startsWith("i"))},e.prototype.decode_bigint=function(e,t){void 0===t&&(t=!1);var r=e/8,i=new Uint8Array(this.buffer.consume_bytes(r)),n=i.reduceRight(function(e,t){return e+t.toString(16).padStart(2,"0")},"");return t&&i[r-1]?BigInt.asIntN(e,BigInt("0x".concat(n))):BigInt("0x".concat(n))},e.prototype.decode_string=function(){var e=this.decode_integer("u32"),t=new Uint8Array(this.buffer.consume_bytes(e));return String.fromCharCode.apply(null,t)},e.prototype.decode_boolean=function(){return this.buffer.consume_value("u8")>0},e.prototype.decode_option=function(e){var t=this.buffer.consume_value("u8");if(1===t)return this.decode_value(e.option);if(0!==t)throw new Error("Invalid option ".concat(t));return null},e.prototype.decode_enum=function(e){var 
t,r=this.buffer.consume_value("u8");if(r>e.enum.length)throw new Error("Enum option ".concat(r," is not available"));var i=e.enum[r].struct,n=Object.keys(i)[0];return(t={})[n]=this.decode_value(i[n]),t},e.prototype.decode_array=function(e){for(var t=[],r=e.array.len?e.array.len:this.decode_integer("u32"),i=0;i<r;++i)t.push(this.decode_value(e.array.type));return t},e.prototype.decode_set=function(e){for(var t=this.decode_integer("u32"),r=new Set,i=0;i<t;++i)r.add(this.decode_value(e.set));return r},e.prototype.decode_map=function(e){for(var t=this.decode_integer("u32"),r=new Map,i=0;i<t;++i){var n=this.decode_value(e.map.key),s=this.decode_value(e.map.value);r.set(n,s)}return r},e.prototype.decode_struct=function(e){var t={};for(var r in e.struct)t[r]=this.decode_value(e.struct[r]);return t},e}();function b(e,t,r){return void 0===r&&(r=!0),r&&p(e),new y(r).encode(t,e)}class _{constructor(e){this.tag=1,this.record=e.record,this.content=e.content}serialize(){return b(_.schema,this)}getInstruction(e,t,n,s,o,a,u,c){const h=i.Buffer.from(this.serialize());let f=[];return f.push({pubkey:t,isSigner:!1,isWritable:!1}),f.push({pubkey:n,isSigner:!1,isWritable:!1}),f.push({pubkey:s,isSigner:!0,isWritable:!0}),f.push({pubkey:o,isSigner:!1,isWritable:!0}),f.push({pubkey:a,isSigner:!1,isWritable:!0}),f.push({pubkey:u,isSigner:!0,isWritable:!0}),f.push({pubkey:c,isSigner:!1,isWritable:!1}),new r({keys:f,programId:e,data:h})}}_.schema={struct:{tag:"u8",record:"string",content:{array:{type:"u8"}}}};class v{constructor(e){this.tag=4,this.validation=e.validation,this.signature=e.signature,this.expectedPubkey=e.expectedPubkey}serialize(){return b(v.schema,this)}getInstruction(e,t,n,s,o,a,u,c){const h=i.Buffer.from(this.serialize());let f=[];return 
f.push({pubkey:t,isSigner:!1,isWritable:!1}),f.push({pubkey:n,isSigner:!1,isWritable:!1}),f.push({pubkey:s,isSigner:!0,isWritable:!0}),f.push({pubkey:o,isSigner:!1,isWritable:!0}),f.push({pubkey:a,isSigner:!1,isWritable:!0}),f.push({pubkey:u,isSigner:!0,isWritable:!0}),f.push({pubkey:c,isSigner:!1,isWritable:!1}),new r({keys:f,programId:e,data:h})}}v.schema={struct:{tag:"u8",validation:"u8",signature:{array:{type:"u8"}},expectedPubkey:{array:{type:"u8"}}}};class m{constructor(e){this.tag=3,this.staleness=e.staleness}serialize(){return b(m.schema,this)}getInstruction(e,t,n,s,o,a,u,c,h){const f=i.Buffer.from(this.serialize());let d=[];return d.push({pubkey:t,isSigner:!1,isWritable:!1}),d.push({pubkey:n,isSigner:!1,isWritable:!1}),d.push({pubkey:s,isSigner:!0,isWritable:!0}),d.push({pubkey:o,isSigner:!1,isWritable:!0}),d.push({pubkey:a,isSigner:!1,isWritable:!0}),d.push({pubkey:u,isSigner:!1,isWritable:!0}),d.push({pubkey:c,isSigner:!1,isWritable:!1}),d.push({pubkey:h,isSigner:!0,isWritable:!0}),new r({keys:d,programId:e,data:f})}}m.schema={struct:{tag:"u8",staleness:"bool"}};class w{constructor(e){this.tag=2,this.record=e.record,this.content=e.content}serialize(){return b(w.schema,this)}getInstruction(e,t,n,s,o,a,u,c){const h=i.Buffer.from(this.serialize());let f=[];return f.push({pubkey:t,isSigner:!1,isWritable:!1}),f.push({pubkey:n,isSigner:!1,isWritable:!1}),f.push({pubkey:s,isSigner:!0,isWritable:!0}),f.push({pubkey:o,isSigner:!1,isWritable:!0}),f.push({pubkey:a,isSigner:!1,isWritable:!0}),f.push({pubkey:u,isSigner:!0,isWritable:!0}),f.push({pubkey:c,isSigner:!1,isWritable:!1}),new r({keys:f,programId:e,data:h})}}w.schema={struct:{tag:"u8",record:"string",content:{array:{type:"u8"}}}};class k{constructor(){this.tag=5}serialize(){return b(k.schema,this)}getInstruction(e,t,n,s,o,a,u,c){const h=i.Buffer.from(this.serialize());let f=[];return 
f.push({pubkey:t,isSigner:!1,isWritable:!1}),f.push({pubkey:n,isSigner:!1,isWritable:!1}),f.push({pubkey:s,isSigner:!0,isWritable:!0}),f.push({pubkey:o,isSigner:!1,isWritable:!0}),f.push({pubkey:a,isSigner:!1,isWritable:!0}),f.push({pubkey:u,isSigner:!0,isWritable:!0}),f.push({pubkey:c,isSigner:!1,isWritable:!1}),new r({keys:f,programId:e,data:h})}}k.schema={struct:{tag:"u8"}};class S{constructor(e){this.tag=6,this.roaId=e.roaId}serialize(){return b(S.schema,this)}getInstruction(e,t,n,s,o,a,u,c){const h=i.Buffer.from(this.serialize());let f=[];return f.push({pubkey:t,isSigner:!1,isWritable:!1}),f.push({pubkey:n,isSigner:!1,isWritable:!1}),f.push({pubkey:s,isSigner:!0,isWritable:!0}),f.push({pubkey:o,isSigner:!1,isWritable:!0}),f.push({pubkey:a,isSigner:!1,isWritable:!0}),f.push({pubkey:u,isSigner:!0,isWritable:!0}),f.push({pubkey:c,isSigner:!1,isWritable:!1}),new r({keys:f,programId:e,data:h})}}S.schema={struct:{tag:"u8",roaId:{array:{type:"u8"}}}};const I=new t("HP3D4D1ZCmohQGFVms2SS4LCANgJyksBf5s1F77FuFjZ"),A=new t("Ga872GkshNeNMDag7m1Bn54dN3NiHksfqnN2pH6A1H9F"),[W]=t.findProgramAddressSync([I.toBuffer()],I);t.findProgramAddressSync([A.toBuffer()],A);const E=(t,r,i,n,s,o,a,u)=>new _({record:o,content:Array.from(a)}).getInstruction(u,e.programId,s,t,r,i,n,W),j=(t,r,i,n,s,o)=>(new k).getInstruction(o,e.programId,s,t,n,r,i,W),z=(t,r,i,n,s,o,a,u)=>new w({record:o,content:Array.from(a)}).getInstruction(u,e.programId,s,t,r,i,n,W),P=(t,r,i,n,s,o,a,u,c)=>new v({validation:o,signature:Array.from(a),expectedPubkey:Array.from(u)}).getInstruction(c,e.programId,s,t,r,i,n,W),O=(t,r,i,n,s,o,a,u)=>new m({staleness:a}).getInstruction(u,e.programId,o,t,r,i,n,W,s),B=(t,r,i,n,s,o,a)=>new S({roaId:Array.from(o.toBuffer())}).getInstruction(a,e.programId,r,t,i,n,s,W);var N,R;(R=N||(N={}))[R.None=0]="None",R[R.Solana=1]="Solana",R[R.Ethereum=2]="Ethereum",R[R.UnverifiedSolana=3]="UnverifiedSolana";const x=e=>{switch(e){case N.None:return 0;case N.Ethereum:return 20;case N.Solana:case 
N.UnverifiedSolana:return 32;default:throw new Error("Invalid validation enum")}};class V{constructor(e){this.stalenessValidation=e.stalenessValidation,this.rightOfAssociationValidation=e.rightOfAssociationValidation,this.contentLength=e.contentLength}static deserialize(e){return new V((t=this.schema,r=e,void 0===(i=!0)&&(i=!0),i&&p(t),new g(r).decode(t)));var t,r,i}static async retrieve(e,t){const r=await e.getAccountInfo(t);if(!r||!r.data)throw new Error("Record header account not found");return this.deserialize(r.data.slice(96,96+this.LEN))}}V.LEN=8,V.schema={struct:{stalenessValidation:"u16",rightOfAssociationValidation:"u16",contentLength:"u32"}};class U{constructor(e,t){this.data=t,this.header=e}static deserialize(e){const t=V.deserialize(e.slice(96,96+V.LEN)),r=e.slice(96+V.LEN);return new U(t,r)}static async retrieve(e,t){const r=await e.getAccountInfo(t);if(!r||!r.data)throw new Error("Record header account not found");return this.deserialize(r.data)}static async retrieveBatch(e,t){return(await e.getMultipleAccountsInfo(t)).map(e=>{if(null==e?void 0:e.data)return this.deserialize(e.data)})}getContent(){let e=x(this.header.stalenessValidation)+x(this.header.rightOfAssociationValidation);return this.data.slice(e)}getStalenessId(){let e=x(this.header.stalenessValidation);return this.data.slice(0,e)}getRoAId(){let e=x(this.header.stalenessValidation),t=e+x(this.header.rightOfAssociationValidation);return this.data.slice(e,t)}}export{W as CENTRAL_STATE_SNS_RECORDS,U as Record,V as RecordHeader,I as SNS_RECORDS_ID,A as SNS_RECORD_ID_DEVNET,N as Validation,E as allocateAndPostRecord,_ as allocateAndPostRecordInstruction,j as deleteRecord,k as deleteRecordInstruction,z as editRecord,w as editRecordInstruction,x as getValidationLength,P as validateEthSignature,v as validateEthereumSignatureInstruction,O as validateSolanaSignature,m as validateSolanaSignatureInstruction,B as writeRoa,S as writeRoaInstruction};
|
|
2
2
|
//# sourceMappingURL=index.js.map
|
|
@@ -1,3 +1,3 @@
|
|
|
1
|
-
import{
|
|
2
|
-
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */const i=BigInt(0),s=BigInt(1);function a(e
|
|
1
|
+
import{bitLen as t,bitMask as e}from"../utils.js";import{validateField as r,Field as n,FpInvertBatch as o}from"./modular.js";
|
|
2
|
+
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */const i=BigInt(0),s=BigInt(1);function a(t,e){const r=e.negate();return t?r:e}function f(t,e){const r=o(t.Fp,e.map(t=>t.Z));return e.map((e,n)=>t.fromAffine(e.toAffine(r[n])))}function c(t,e){if(!Number.isSafeInteger(t)||t<=0||t>e)throw new Error("invalid window size, expected [1.."+e+"], got W="+t)}function d(t,r){c(t,r);const n=2**t;return{windows:Math.ceil(r/t)+1,windowSize:2**(t-1),mask:e(t),maxNumber:n,shiftBy:BigInt(t)}}function u(t,e,r){const{windowSize:n,mask:o,maxNumber:i,shiftBy:a}=r;let f=Number(t&o),c=t>>a;f>n&&(f-=i,c+=s);const d=e*n;return{nextN:c,offset:d+Math.abs(f)-1,isZero:0===f,isNeg:f<0,isNegF:e%2!=0,offsetF:d}}const h=new WeakMap,l=new WeakMap;function w(t){return l.get(t)||1}function p(t){if(t!==i)throw new Error("invalid wNAF")}class E{constructor(t,e){this.BASE=t.BASE,this.ZERO=t.ZERO,this.Fn=t.Fn,this.bits=e}_unsafeLadder(t,e,r=this.ZERO){let n=t;for(;e>i;)e&s&&(r=r.add(n)),n=n.double(),e>>=s;return r}precomputeWindow(t,e){const{windows:r,windowSize:n}=d(e,this.bits),o=[];let i=t,s=i;for(let t=0;t<r;t++){s=i,o.push(s);for(let t=1;t<n;t++)s=s.add(i),o.push(s);i=s.double()}return o}wNAF(t,e,r){if(!this.Fn.isValid(r))throw new Error("invalid scalar");let n=this.ZERO,o=this.BASE;const i=d(t,this.bits);for(let t=0;t<i.windows;t++){const{nextN:s,offset:f,isZero:c,isNeg:d,isNegF:h,offsetF:l}=u(r,t,i);r=s,c?o=o.add(a(h,e[l])):n=n.add(a(d,e[f]))}return p(r),{p:n,f:o}}wNAFUnsafe(t,e,r,n=this.ZERO){const o=d(t,this.bits);for(let t=0;t<o.windows&&r!==i;t++){const{nextN:i,offset:s,isZero:a,isNeg:f}=u(r,t,o);if(r=i,!a){const t=e[s];n=n.add(f?t.negate():t)}}return p(r),n}getPrecomputes(t,e,r){let n=h.get(e);return n||(n=this.precomputeWindow(e,t),1!==t&&("function"==typeof r&&(n=r(n)),h.set(e,n))),n}cached(t,e,r){const n=w(t);return this.wNAF(n,this.getPrecomputes(n,t,r),e)}unsafe(t,e,r,n){const o=w(t);return 
1===o?this._unsafeLadder(t,e,n):this.wNAFUnsafe(o,this.getPrecomputes(o,t,r),e,n)}createCache(t,e){c(e,this.bits),l.set(t,e),h.delete(t)}hasCache(t){return 1!==w(t)}}function m(r,n,o,i){!function(t,e){if(!Array.isArray(t))throw new Error("array expected");t.forEach((t,r)=>{if(!(t instanceof e))throw new Error("invalid point at index "+r)})}(o,r),function(t,e){if(!Array.isArray(t))throw new Error("array of scalars expected");t.forEach((t,r)=>{if(!e.isValid(t))throw new Error("invalid scalar at index "+r)})}(i,n);const s=o.length,a=i.length;if(s!==a)throw new Error("arrays of points and scalars must have equal length");const f=r.ZERO,c=t(BigInt(s));let d=1;c>12?d=c-3:c>4?d=c-2:c>0&&(d=2);const u=e(d),h=new Array(Number(u)+1).fill(f);let l=f;for(let t=Math.floor((n.BITS-1)/d)*d;t>=0;t-=d){h.fill(f);for(let e=0;e<a;e++){const r=i[e],n=Number(r>>BigInt(t)&u);h[n]=h[n].add(o[e])}let e=f;for(let t=h.length-1,r=f;t>0;t--)r=r.add(h[t]),e=e.add(r);if(l=l.add(e),0!==t)for(let t=0;t<d;t++)l=l.double()}return l}function g(t,e,o){if(e){if(e.ORDER!==t)throw new Error("Field.ORDER must match order: Fp == p, Fn == n");return r(e),e}return n(t,{isLE:o})}function b(t,e,r={},n){if(void 0===n&&(n="edwards"===t),!e||"object"!=typeof e)throw new Error(`expected valid ${t} CURVE object`);for(const t of["p","n","h"]){const r=e[t];if(!("bigint"==typeof r&&r>i))throw new Error(`CURVE.${t} must be positive bigint`)}const o=g(e.p,r.Fp,n),s=g(e.n,r.Fn,n),a=["Gx","Gy","a","d"];for(const t of a)if(!o.isValid(e[t]))throw new Error(`CURVE.${t} must be valid field element of CURVE.Fp`);return{CURVE:e=Object.freeze(Object.assign({},e)),Fp:o,Fn:s}}export{b as _createCurveFields,a as negateCt,f as normalizeZ,m as pippenger,E as wNAF};
|
|
3
3
|
//# sourceMappingURL=curve.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"curve.js","sources":["../../../../../../../node_modules/@noble/curves/esm/abstract/curve.js"],"sourcesContent":["/**\n * Methods for elliptic curve multiplication by scalars.\n * Contains wNAF, pippenger\n * @module\n */\n/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\nimport { nLength, validateField } from \"./modular.js\";\nimport { bitLen, bitMask, validateObject } from \"./utils.js\";\nconst _0n = BigInt(0);\nconst _1n = BigInt(1);\nfunction constTimeNegate(condition, item) {\n const neg = item.negate();\n return condition ? neg : item;\n}\nfunction validateW(W, bits) {\n if (!Number.isSafeInteger(W) || W <= 0 || W > bits)\n throw new Error('invalid window size, expected [1..' + bits + '], got W=' + W);\n}\nfunction calcWOpts(W, scalarBits) {\n validateW(W, scalarBits);\n const windows = Math.ceil(scalarBits / W) + 1; // W=8 33. Not 32, because we skip zero\n const windowSize = 2 ** (W - 1); // W=8 128. Not 256, because we skip zero\n const maxNumber = 2 ** W; // W=8 256\n const mask = bitMask(W); // W=8 255 == mask 0b11111111\n const shiftBy = BigInt(W); // W=8 8\n return { windows, windowSize, mask, maxNumber, shiftBy };\n}\nfunction calcOffsets(n, window, wOpts) {\n const { windowSize, mask, maxNumber, shiftBy } = wOpts;\n let wbits = Number(n & mask); // extract W bits.\n let nextN = n >> shiftBy; // shift number by W bits.\n // What actually happens here:\n // const highestBit = Number(mask ^ (mask >> 1n));\n // let wbits2 = wbits - 1; // skip zero\n // if (wbits2 & highestBit) { wbits2 ^= Number(mask); // (~);\n // split if bits > max: +224 => 256-32\n if (wbits > windowSize) {\n // we skip zero, which means instead of `>= size-1`, we do `> size`\n wbits -= maxNumber; // -32, can be maxNumber - wbits, but then we need to set isNeg here.\n nextN += _1n; // +256 (carry)\n }\n const offsetStart = window * windowSize;\n const offset = offsetStart + Math.abs(wbits) - 1; // -1 because we skip zero\n const isZero = 
wbits === 0; // is current window slice a 0?\n const isNeg = wbits < 0; // is current window slice negative?\n const isNegF = window % 2 !== 0; // fake random statement for noise\n const offsetF = offsetStart; // fake offset for noise\n return { nextN, offset, isZero, isNeg, isNegF, offsetF };\n}\nfunction validateMSMPoints(points, c) {\n if (!Array.isArray(points))\n throw new Error('array expected');\n points.forEach((p, i) => {\n if (!(p instanceof c))\n throw new Error('invalid point at index ' + i);\n });\n}\nfunction validateMSMScalars(scalars, field) {\n if (!Array.isArray(scalars))\n throw new Error('array of scalars expected');\n scalars.forEach((s, i) => {\n if (!field.isValid(s))\n throw new Error('invalid scalar at index ' + i);\n });\n}\n// Since points in different groups cannot be equal (different object constructor),\n// we can have single place to store precomputes.\n// Allows to make points frozen / immutable.\nconst pointPrecomputes = new WeakMap();\nconst pointWindowSizes = new WeakMap();\nfunction getW(P) {\n return pointWindowSizes.get(P) || 1;\n}\n/**\n * Elliptic curve multiplication of Point by scalar. 
Fragile.\n * Scalars should always be less than curve order: this should be checked inside of a curve itself.\n * Creates precomputation tables for fast multiplication:\n * - private scalar is split by fixed size windows of W bits\n * - every window point is collected from window's table & added to accumulator\n * - since windows are different, same point inside tables won't be accessed more than once per calc\n * - each multiplication is 'Math.ceil(CURVE_ORDER / 𝑊) + 1' point additions (fixed for any scalar)\n * - +1 window is neccessary for wNAF\n * - wNAF reduces table size: 2x less memory + 2x faster generation, but 10% slower multiplication\n *\n * @todo Research returning 2d JS array of windows, instead of a single window.\n * This would allow windows to be in different memory locations\n */\nexport function wNAF(c, bits) {\n return {\n constTimeNegate,\n hasPrecomputes(elm) {\n return getW(elm) !== 1;\n },\n // non-const time multiplication ladder\n unsafeLadder(elm, n, p = c.ZERO) {\n let d = elm;\n while (n > _0n) {\n if (n & _1n)\n p = p.add(d);\n d = d.double();\n n >>= _1n;\n }\n return p;\n },\n /**\n * Creates a wNAF precomputation window. 
Used for caching.\n * Default window size is set by `utils.precompute()` and is equal to 8.\n * Number of precomputed points depends on the curve size:\n * 2^(𝑊−1) * (Math.ceil(𝑛 / 𝑊) + 1), where:\n * - 𝑊 is the window size\n * - 𝑛 is the bitlength of the curve order.\n * For a 256-bit curve and window size 8, the number of precomputed points is 128 * 33 = 4224.\n * @param elm Point instance\n * @param W window size\n * @returns precomputed point tables flattened to a single array\n */\n precomputeWindow(elm, W) {\n const { windows, windowSize } = calcWOpts(W, bits);\n const points = [];\n let p = elm;\n let base = p;\n for (let window = 0; window < windows; window++) {\n base = p;\n points.push(base);\n // i=1, bc we skip 0\n for (let i = 1; i < windowSize; i++) {\n base = base.add(p);\n points.push(base);\n }\n p = base.double();\n }\n return points;\n },\n /**\n * Implements ec multiplication using precomputed tables and w-ary non-adjacent form.\n * @param W window size\n * @param precomputes precomputed tables\n * @param n scalar (we don't check here, but should be less than curve order)\n * @returns real and fake (for const-time) points\n */\n wNAF(W, precomputes, n) {\n // Smaller version:\n // https://github.com/paulmillr/noble-secp256k1/blob/47cb1669b6e506ad66b35fe7d76132ae97465da2/index.ts#L502-L541\n // TODO: check the scalar is less than group order?\n // wNAF behavior is undefined otherwise. But have to carefully remove\n // other checks before wNAF. ORDER == bits here.\n // Accumulators\n let p = c.ZERO;\n let f = c.BASE;\n // This code was first written with assumption that 'f' and 'p' will never be infinity point:\n // since each addition is multiplied by 2 ** W, it cannot cancel each other. 
However,\n // there is negate now: it is possible that negated element from low value\n // would be the same as high element, which will create carry into next window.\n // It's not obvious how this can fail, but still worth investigating later.\n const wo = calcWOpts(W, bits);\n for (let window = 0; window < wo.windows; window++) {\n // (n === _0n) is handled and not early-exited. isEven and offsetF are used for noise\n const { nextN, offset, isZero, isNeg, isNegF, offsetF } = calcOffsets(n, window, wo);\n n = nextN;\n if (isZero) {\n // bits are 0: add garbage to fake point\n // Important part for const-time getPublicKey: add random \"noise\" point to f.\n f = f.add(constTimeNegate(isNegF, precomputes[offsetF]));\n }\n else {\n // bits are 1: add to result point\n p = p.add(constTimeNegate(isNeg, precomputes[offset]));\n }\n }\n // Return both real and fake points: JIT won't eliminate f.\n // At this point there is a way to F be infinity-point even if p is not,\n // which makes it less const-time: around 1 bigint multiply.\n return { p, f };\n },\n /**\n * Implements ec unsafe (non const-time) multiplication using precomputed tables and w-ary non-adjacent form.\n * @param W window size\n * @param precomputes precomputed tables\n * @param n scalar (we don't check here, but should be less than curve order)\n * @param acc accumulator point to add result of multiplication\n * @returns point\n */\n wNAFUnsafe(W, precomputes, n, acc = c.ZERO) {\n const wo = calcWOpts(W, bits);\n for (let window = 0; window < wo.windows; window++) {\n if (n === _0n)\n break; // Early-exit, skip 0 value\n const { nextN, offset, isZero, isNeg } = calcOffsets(n, window, wo);\n n = nextN;\n if (isZero) {\n // Window bits are 0: skip processing.\n // Move to next window.\n continue;\n }\n else {\n const item = precomputes[offset];\n acc = acc.add(isNeg ? 
item.negate() : item); // Re-using acc allows to save adds in MSM\n }\n }\n return acc;\n },\n getPrecomputes(W, P, transform) {\n // Calculate precomputes on a first run, reuse them after\n let comp = pointPrecomputes.get(P);\n if (!comp) {\n comp = this.precomputeWindow(P, W);\n if (W !== 1)\n pointPrecomputes.set(P, transform(comp));\n }\n return comp;\n },\n wNAFCached(P, n, transform) {\n const W = getW(P);\n return this.wNAF(W, this.getPrecomputes(W, P, transform), n);\n },\n wNAFCachedUnsafe(P, n, transform, prev) {\n const W = getW(P);\n if (W === 1)\n return this.unsafeLadder(P, n, prev); // For W=1 ladder is ~x2 faster\n return this.wNAFUnsafe(W, this.getPrecomputes(W, P, transform), n, prev);\n },\n // We calculate precomputes for elliptic curve point multiplication\n // using windowed method. This specifies window size and\n // stores precomputed values. Usually only base point would be precomputed.\n setWindowSize(P, W) {\n validateW(W, bits);\n pointWindowSizes.set(P, W);\n pointPrecomputes.delete(P);\n },\n };\n}\n/**\n * Pippenger algorithm for multi-scalar multiplication (MSM, Pa + Qb + Rc + ...).\n * 30x faster vs naive addition on L=4096, 10x faster than precomputes.\n * For N=254bit, L=1, it does: 1024 ADD + 254 DBL. 
For L=5: 1536 ADD + 254 DBL.\n * Algorithmically constant-time (for same L), even when 1 point + scalar, or when scalar = 0.\n * @param c Curve Point constructor\n * @param fieldN field over CURVE.N - important that it's not over CURVE.P\n * @param points array of L curve points\n * @param scalars array of L scalars (aka private keys / bigints)\n */\nexport function pippenger(c, fieldN, points, scalars) {\n // If we split scalars by some window (let's say 8 bits), every chunk will only\n // take 256 buckets even if there are 4096 scalars, also re-uses double.\n // TODO:\n // - https://eprint.iacr.org/2024/750.pdf\n // - https://tches.iacr.org/index.php/TCHES/article/view/10287\n // 0 is accepted in scalars\n validateMSMPoints(points, c);\n validateMSMScalars(scalars, fieldN);\n const plength = points.length;\n const slength = scalars.length;\n if (plength !== slength)\n throw new Error('arrays of points and scalars must have equal length');\n // if (plength === 0) throw new Error('array must be of length >= 2');\n const zero = c.ZERO;\n const wbits = bitLen(BigInt(plength));\n let windowSize = 1; // bits\n if (wbits > 12)\n windowSize = wbits - 3;\n else if (wbits > 4)\n windowSize = wbits - 2;\n else if (wbits > 0)\n windowSize = 2;\n const MASK = bitMask(windowSize);\n const buckets = new Array(Number(MASK) + 1).fill(zero); // +1 for zero array\n const lastBits = Math.floor((fieldN.BITS - 1) / windowSize) * windowSize;\n let sum = zero;\n for (let i = lastBits; i >= 0; i -= windowSize) {\n buckets.fill(zero);\n for (let j = 0; j < slength; j++) {\n const scalar = scalars[j];\n const wbits = Number((scalar >> BigInt(i)) & MASK);\n buckets[wbits] = buckets[wbits].add(points[j]);\n }\n let resI = zero; // not using this will do small speed-up, but will lose ct\n // Skip first bucket, because it is zero\n for (let j = buckets.length - 1, sumI = zero; j > 0; j--) {\n sumI = sumI.add(buckets[j]);\n resI = resI.add(sumI);\n }\n sum = sum.add(resI);\n if (i !== 0)\n for 
(let j = 0; j < windowSize; j++)\n sum = sum.double();\n }\n return sum;\n}\n/**\n * Precomputed multi-scalar multiplication (MSM, Pa + Qb + Rc + ...).\n * @param c Curve Point constructor\n * @param fieldN field over CURVE.N - important that it's not over CURVE.P\n * @param points array of L curve points\n * @returns function which multiplies points with scaars\n */\nexport function precomputeMSMUnsafe(c, fieldN, points, windowSize) {\n /**\n * Performance Analysis of Window-based Precomputation\n *\n * Base Case (256-bit scalar, 8-bit window):\n * - Standard precomputation requires:\n * - 31 additions per scalar × 256 scalars = 7,936 ops\n * - Plus 255 summary additions = 8,191 total ops\n * Note: Summary additions can be optimized via accumulator\n *\n * Chunked Precomputation Analysis:\n * - Using 32 chunks requires:\n * - 255 additions per chunk\n * - 256 doublings\n * - Total: (255 × 32) + 256 = 8,416 ops\n *\n * Memory Usage Comparison:\n * Window Size | Standard Points | Chunked Points\n * ------------|-----------------|---------------\n * 4-bit | 520 | 15\n * 8-bit | 4,224 | 255\n * 10-bit | 13,824 | 1,023\n * 16-bit | 557,056 | 65,535\n *\n * Key Advantages:\n * 1. Enables larger window sizes due to reduced memory overhead\n * 2. 
More efficient for smaller scalar counts:\n * - 16 chunks: (16 × 255) + 256 = 4,336 ops\n * - ~2x faster than standard 8,191 ops\n *\n * Limitations:\n * - Not suitable for plain precomputes (requires 256 constant doublings)\n * - Performance degrades with larger scalar counts:\n * - Optimal for ~256 scalars\n * - Less efficient for 4096+ scalars (Pippenger preferred)\n */\n validateW(windowSize, fieldN.BITS);\n validateMSMPoints(points, c);\n const zero = c.ZERO;\n const tableSize = 2 ** windowSize - 1; // table size (without zero)\n const chunks = Math.ceil(fieldN.BITS / windowSize); // chunks of item\n const MASK = bitMask(windowSize);\n const tables = points.map((p) => {\n const res = [];\n for (let i = 0, acc = p; i < tableSize; i++) {\n res.push(acc);\n acc = acc.add(p);\n }\n return res;\n });\n return (scalars) => {\n validateMSMScalars(scalars, fieldN);\n if (scalars.length > points.length)\n throw new Error('array of scalars must be smaller than array of points');\n let res = zero;\n for (let i = 0; i < chunks; i++) {\n // No need to double if accumulator is still zero.\n if (res !== zero)\n for (let j = 0; j < windowSize; j++)\n res = res.double();\n const shiftBy = BigInt(chunks * windowSize - (i + 1) * windowSize);\n for (let j = 0; j < scalars.length; j++) {\n const n = scalars[j];\n const curr = Number((n >> shiftBy) & MASK);\n if (!curr)\n continue; // skip zero scalars chunks\n res = res.add(tables[j][curr - 1]);\n }\n }\n return res;\n };\n}\nexport function validateBasic(curve) {\n validateField(curve.Fp);\n validateObject(curve, {\n n: 'bigint',\n h: 'bigint',\n Gx: 'field',\n Gy: 'field',\n }, {\n nBitLength: 'isSafeInteger',\n nByteLength: 'isSafeInteger',\n });\n // Set defaults\n return Object.freeze({\n ...nLength(curve.n, curve.nBitLength),\n ...curve,\n ...{ p: curve.Fp.ORDER },\n });\n}\n//# 
sourceMappingURL=curve.js.map"],"names":["_0n","BigInt","_1n","constTimeNegate","condition","item","neg","negate","validateW","W","bits","Number","isSafeInteger","Error","calcWOpts","scalarBits","maxNumber","windows","Math","ceil","windowSize","mask","bitMask","shiftBy","calcOffsets","n","window","wOpts","wbits","nextN","offsetStart","offset","abs","isZero","isNeg","isNegF","offsetF","pointPrecomputes","WeakMap","pointWindowSizes","getW","P","get","wNAF","c","hasPrecomputes","elm","unsafeLadder","p","ZERO","d","add","double","precomputeWindow","points","base","push","i","precomputes","f","BASE","wo","wNAFUnsafe","acc","getPrecomputes","transform","comp","this","set","wNAFCached","wNAFCachedUnsafe","prev","setWindowSize","delete","pippenger","fieldN","scalars","Array","isArray","forEach","validateMSMPoints","field","s","isValid","validateMSMScalars","plength","length","slength","zero","bitLen","MASK","buckets","fill","sum","floor","BITS","j","scalar","resI","sumI","validateBasic","curve","validateField","Fp","validateObject","h","Gx","Gy","nBitLength","nByteLength","Object","freeze","nLength","ORDER"],"mappings":";sEASA,MAAMA,EAAMC,OAAO,GACbC,EAAMD,OAAO,GAsBnB,SAASE,EAAoCC,EAAoBC,GAC/D,MAAMC,EAAMD,EAAKE,SACjB,OAAOH,EAAYE,EAAMD,CAC3B,CAEA,SAASG,EAAUC,EAAWC,GAC5B,IAAKC,OAAOC,cAAcH,IAAMA,GAAK,GAAKA,EAAIC,EAC5C,MAAM,IAAIG,MAAM,qCAAuCH,EAAO,YAAcD,EAChF,CAWA,SAASK,EAAUL,EAAWM,GAC5BP,EAAUC,EAAGM,GACb,MAEMC,EAAY,GAAKP,EAGvB,MAAO,CAAEQ,QALOC,KAAKC,KAAKJ,EAAaN,GAAK,EAK1BW,WAJC,IAAMX,EAAI,GAICY,KAFjBC,EAAQb,GAEeO,YAAWO,QAD/BtB,OAAOQ,GAEzB,CAEA,SAASe,EAAYC,EAAWC,EAAgBC,GAC9C,MAAMP,WAAEA,EAAUC,KAAEA,EAAIL,UAAEA,EAASO,QAAEA,GAAYI,EACjD,IAAIC,EAAQjB,OAAOc,EAAIJ,GACnBQ,EAAQJ,GAAKF,EAQbK,EAAQR,IAEVQ,GAASZ,EACTa,GAAS3B,GAEX,MAAM4B,EAAcJ,EAASN,EAM7B,MAAO,CAAES,QAAOE,OALDD,EAAcZ,KAAKc,IAAIJ,GAAS,EAKvBK,OAJC,IAAVL,EAIiBM,MAHlBN,EAAQ,EAGiBO,OAFxBT,EAAS,GAAM,EAEiBU,QAD/BN,EAElB,CAkBA,MAAMO,EAAmB,IAAIC,QACvBC,EAAmB,IAAID,QAE7B,SAASE,EAAKC,GACZ,OAAOF,EAAiBG,IAAID,IAAM,CACpC,CA6BM,SAAUE,EAAyB
C,EAAwBlC,GAC/D,MAAO,CACLP,kBAEA0C,eAAeC,GACQ,IAAdN,EAAKM,GAIdC,YAAAA,CAAaD,EAAQrB,EAAWuB,EAAIJ,EAAEK,MACpC,IAAIC,EAAOJ,EACX,KAAOrB,EAAIzB,GACLyB,EAAIvB,IAAK8C,EAAIA,EAAEG,IAAID,IACvBA,EAAIA,EAAEE,SACN3B,IAAMvB,EAER,OAAO8C,CACR,EAcDK,gBAAAA,CAAiBP,EAAQrC,GACvB,MAAMQ,QAAEA,EAAOG,WAAEA,GAAeN,EAAUL,EAAGC,GACvC4C,EAAc,GACpB,IAAIN,EAAOF,EACPS,EAAOP,EACX,IAAK,IAAItB,EAAS,EAAGA,EAAST,EAASS,IAAU,CAC/C6B,EAAOP,EACPM,EAAOE,KAAKD,GAEZ,IAAK,IAAIE,EAAI,EAAGA,EAAIrC,EAAYqC,IAC9BF,EAAOA,EAAKJ,IAAIH,GAChBM,EAAOE,KAAKD,GAEdP,EAAIO,EAAKH,QACX,CACA,OAAOE,CACR,EASDX,IAAAA,CAAKlC,EAAWiD,EAAkBjC,GAOhC,IAAIuB,EAAIJ,EAAEK,KACNU,EAAIf,EAAEgB,KAMV,MAAMC,EAAK/C,EAAUL,EAAGC,GACxB,IAAK,IAAIgB,EAAS,EAAGA,EAASmC,EAAG5C,QAASS,IAAU,CAElD,MAAMG,MAAEA,EAAKE,OAAEA,EAAME,OAAEA,EAAMC,MAAEA,EAAKC,OAAEA,EAAMC,QAAEA,GAAYZ,EAAYC,EAAGC,EAAQmC,GACjFpC,EAAII,EACAI,EAGF0B,EAAIA,EAAER,IAAIhD,EAAgBgC,EAAQuB,EAAYtB,KAG9CY,EAAIA,EAAEG,IAAIhD,EAAgB+B,EAAOwB,EAAY3B,IAEjD,CAIA,MAAO,CAAEiB,IAAGW,IACb,EAUDG,UAAAA,CAAWrD,EAAWiD,EAAkBjC,EAAWsC,EAASnB,EAAEK,MAC5D,MAAMY,EAAK/C,EAAUL,EAAGC,GACxB,IAAK,IAAIgB,EAAS,EAAGA,EAASmC,EAAG5C,SAC3BQ,IAAMzB,EAD8B0B,IAAU,CAElD,MAAMG,MAAEA,EAAKE,OAAEA,EAAME,OAAEA,EAAMC,MAAEA,GAAUV,EAAYC,EAAGC,EAAQmC,GAEhE,GADApC,EAAII,GACAI,EAIG,CACL,MAAM5B,EAAOqD,EAAY3B,GACzBgC,EAAMA,EAAIZ,IAAIjB,EAAQ7B,EAAKE,SAAWF,EACxC,CACF,CACA,OAAO0D,CACR,EAEDC,cAAAA,CAAevD,EAAWgC,EAAMwB,GAE9B,IAAIC,EAAO7B,EAAiBK,IAAID,GAKhC,OAJKyB,IACHA,EAAOC,KAAKd,iBAAiBZ,EAAGhC,GACtB,IAANA,GAAS4B,EAAiB+B,IAAI3B,EAAGwB,EAAUC,KAE1CA,CACR,EAEDG,UAAAA,CAAW5B,EAAMhB,EAAWwC,GAC1B,MAAMxD,EAAI+B,EAAKC,GACf,OAAO0B,KAAKxB,KAAKlC,EAAG0D,KAAKH,eAAevD,EAAGgC,EAAGwB,GAAYxC,EAC3D,EAED6C,gBAAAA,CAAiB7B,EAAMhB,EAAWwC,EAAsBM,GACtD,MAAM9D,EAAI+B,EAAKC,GACf,OAAU,IAANhC,EAAgB0D,KAAKpB,aAAaN,EAAGhB,EAAG8C,GACrCJ,KAAKL,WAAWrD,EAAG0D,KAAKH,eAAevD,EAAGgC,EAAGwB,GAAYxC,EAAG8C,EACpE,EAMDC,aAAAA,CAAc/B,EAAMhC,GAClBD,EAAUC,EAAGC,GACb6B,EAAiB6B,IAAI3B,EAAGhC,GACxB4B,EAAiBoC,OAAOhC,EAC1B,EAEJ,CAYM,SAAUiC,EACd9B,EACA+B,EACArB,EACAsB,IArNF,SAA2BtB,EAAeV,GACxC,IAA
KiC,MAAMC,QAAQxB,GAAS,MAAM,IAAIzC,MAAM,kBAC5CyC,EAAOyB,SAAQ,CAAC/B,EAAGS,KACjB,KAAMT,aAAaJ,GAAI,MAAM,IAAI/B,MAAM,0BAA4B4C,EAAE,GAEzE,CAwNEuB,CAAkB1B,EAAQV,GAvN5B,SAA4BgC,EAAgBK,GAC1C,IAAKJ,MAAMC,QAAQF,GAAU,MAAM,IAAI/D,MAAM,6BAC7C+D,EAAQG,SAAQ,CAACG,EAAGzB,KAClB,IAAKwB,EAAME,QAAQD,GAAI,MAAM,IAAIrE,MAAM,2BAA6B4C,EAAE,GAE1E,CAmNE2B,CAAmBR,EAASD,GAC5B,MAAMU,EAAU/B,EAAOgC,OACjBC,EAAUX,EAAQU,OACxB,GAAID,IAAYE,EAAS,MAAM,IAAI1E,MAAM,uDAEzC,MAAM2E,EAAO5C,EAAEK,KACTrB,EAAQ6D,EAAOxF,OAAOoF,IAC5B,IAAIjE,EAAa,EACbQ,EAAQ,GAAIR,EAAaQ,EAAQ,EAC5BA,EAAQ,EAAGR,EAAaQ,EAAQ,EAChCA,EAAQ,IAAGR,EAAa,GACjC,MAAMsE,EAAOpE,EAAQF,GACfuE,EAAU,IAAId,MAAMlE,OAAO+E,GAAQ,GAAGE,KAAKJ,GAEjD,IAAIK,EAAML,EACV,IAAK,IAAI/B,EAFQvC,KAAK4E,OAAOnB,EAAOoB,KAAO,GAAK3E,GAAcA,EAEvCqC,GAAK,EAAGA,GAAKrC,EAAY,CAC9CuE,EAAQC,KAAKJ,GACb,IAAK,IAAIQ,EAAI,EAAGA,EAAIT,EAASS,IAAK,CAChC,MAAMC,EAASrB,EAAQoB,GACjBpE,EAAQjB,OAAQsF,GAAUhG,OAAOwD,GAAMiC,GAC7CC,EAAQ/D,GAAS+D,EAAQ/D,GAAOuB,IAAIG,EAAO0C,GAC7C,CACA,IAAIE,EAAOV,EAEX,IAAK,IAAIQ,EAAIL,EAAQL,OAAS,EAAGa,EAAOX,EAAMQ,EAAI,EAAGA,IACnDG,EAAOA,EAAKhD,IAAIwC,EAAQK,IACxBE,EAAOA,EAAK/C,IAAIgD,GAGlB,GADAN,EAAMA,EAAI1C,IAAI+C,GACJ,IAANzC,EAAS,IAAK,IAAIuC,EAAI,EAAGA,EAAI5E,EAAY4E,IAAKH,EAAMA,EAAIzC,QAC9D,CACA,OAAOyC,CACT,CAmGM,SAAUO,EACdC,GAyBA,OAfAC,EAAcD,EAAME,IACpBC,EACEH,EACA,CACE5E,EAAG,SACHgF,EAAG,SACHC,GAAI,QACJC,GAAI,SAEN,CACEC,WAAY,gBACZC,YAAa,kBAIVC,OAAOC,OAAO,IAChBC,EAAQX,EAAM5E,EAAG4E,EAAMO,eACvBP,EACErD,EAAGqD,EAAME,GAAGU,OAErB","x_google_ignoreList":[0]}
|
|
1
|
+
{"version":3,"file":"curve.js","sources":["../../../../../../../node_modules/@noble/curves/esm/abstract/curve.js"],"sourcesContent":["/**\n * Methods for elliptic curve multiplication by scalars.\n * Contains wNAF, pippenger.\n * @module\n */\n/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\nimport { bitLen, bitMask, validateObject } from \"../utils.js\";\nimport { Field, FpInvertBatch, nLength, validateField } from \"./modular.js\";\nconst _0n = BigInt(0);\nconst _1n = BigInt(1);\nexport function negateCt(condition, item) {\n const neg = item.negate();\n return condition ? neg : item;\n}\n/**\n * Takes a bunch of Projective Points but executes only one\n * inversion on all of them. Inversion is very slow operation,\n * so this improves performance massively.\n * Optimization: converts a list of projective points to a list of identical points with Z=1.\n */\nexport function normalizeZ(c, points) {\n const invertedZs = FpInvertBatch(c.Fp, points.map((p) => p.Z));\n return points.map((p, i) => c.fromAffine(p.toAffine(invertedZs[i])));\n}\nfunction validateW(W, bits) {\n if (!Number.isSafeInteger(W) || W <= 0 || W > bits)\n throw new Error('invalid window size, expected [1..' + bits + '], got W=' + W);\n}\nfunction calcWOpts(W, scalarBits) {\n validateW(W, scalarBits);\n const windows = Math.ceil(scalarBits / W) + 1; // W=8 33. Not 32, because we skip zero\n const windowSize = 2 ** (W - 1); // W=8 128. 
Not 256, because we skip zero\n const maxNumber = 2 ** W; // W=8 256\n const mask = bitMask(W); // W=8 255 == mask 0b11111111\n const shiftBy = BigInt(W); // W=8 8\n return { windows, windowSize, mask, maxNumber, shiftBy };\n}\nfunction calcOffsets(n, window, wOpts) {\n const { windowSize, mask, maxNumber, shiftBy } = wOpts;\n let wbits = Number(n & mask); // extract W bits.\n let nextN = n >> shiftBy; // shift number by W bits.\n // What actually happens here:\n // const highestBit = Number(mask ^ (mask >> 1n));\n // let wbits2 = wbits - 1; // skip zero\n // if (wbits2 & highestBit) { wbits2 ^= Number(mask); // (~);\n // split if bits > max: +224 => 256-32\n if (wbits > windowSize) {\n // we skip zero, which means instead of `>= size-1`, we do `> size`\n wbits -= maxNumber; // -32, can be maxNumber - wbits, but then we need to set isNeg here.\n nextN += _1n; // +256 (carry)\n }\n const offsetStart = window * windowSize;\n const offset = offsetStart + Math.abs(wbits) - 1; // -1 because we skip zero\n const isZero = wbits === 0; // is current window slice a 0?\n const isNeg = wbits < 0; // is current window slice negative?\n const isNegF = window % 2 !== 0; // fake random statement for noise\n const offsetF = offsetStart; // fake offset for noise\n return { nextN, offset, isZero, isNeg, isNegF, offsetF };\n}\nfunction validateMSMPoints(points, c) {\n if (!Array.isArray(points))\n throw new Error('array expected');\n points.forEach((p, i) => {\n if (!(p instanceof c))\n throw new Error('invalid point at index ' + i);\n });\n}\nfunction validateMSMScalars(scalars, field) {\n if (!Array.isArray(scalars))\n throw new Error('array of scalars expected');\n scalars.forEach((s, i) => {\n if (!field.isValid(s))\n throw new Error('invalid scalar at index ' + i);\n });\n}\n// Since points in different groups cannot be equal (different object constructor),\n// we can have single place to store precomputes.\n// Allows to make points frozen / immutable.\nconst pointPrecomputes = 
new WeakMap();\nconst pointWindowSizes = new WeakMap();\nfunction getW(P) {\n // To disable precomputes:\n // return 1;\n return pointWindowSizes.get(P) || 1;\n}\nfunction assert0(n) {\n if (n !== _0n)\n throw new Error('invalid wNAF');\n}\n/**\n * Elliptic curve multiplication of Point by scalar. Fragile.\n * Table generation takes **30MB of ram and 10ms on high-end CPU**,\n * but may take much longer on slow devices. Actual generation will happen on\n * first call of `multiply()`. By default, `BASE` point is precomputed.\n *\n * Scalars should always be less than curve order: this should be checked inside of a curve itself.\n * Creates precomputation tables for fast multiplication:\n * - private scalar is split by fixed size windows of W bits\n * - every window point is collected from window's table & added to accumulator\n * - since windows are different, same point inside tables won't be accessed more than once per calc\n * - each multiplication is 'Math.ceil(CURVE_ORDER / 𝑊) + 1' point additions (fixed for any scalar)\n * - +1 window is neccessary for wNAF\n * - wNAF reduces table size: 2x less memory + 2x faster generation, but 10% slower multiplication\n *\n * @todo Research returning 2d JS array of windows, instead of a single window.\n * This would allow windows to be in different memory locations\n */\nexport class wNAF {\n // Parametrized with a given Point class (not individual point)\n constructor(Point, bits) {\n this.BASE = Point.BASE;\n this.ZERO = Point.ZERO;\n this.Fn = Point.Fn;\n this.bits = bits;\n }\n // non-const time multiplication ladder\n _unsafeLadder(elm, n, p = this.ZERO) {\n let d = elm;\n while (n > _0n) {\n if (n & _1n)\n p = p.add(d);\n d = d.double();\n n >>= _1n;\n }\n return p;\n }\n /**\n * Creates a wNAF precomputation window. 
Used for caching.\n * Default window size is set by `utils.precompute()` and is equal to 8.\n * Number of precomputed points depends on the curve size:\n * 2^(𝑊−1) * (Math.ceil(𝑛 / 𝑊) + 1), where:\n * - 𝑊 is the window size\n * - 𝑛 is the bitlength of the curve order.\n * For a 256-bit curve and window size 8, the number of precomputed points is 128 * 33 = 4224.\n * @param point Point instance\n * @param W window size\n * @returns precomputed point tables flattened to a single array\n */\n precomputeWindow(point, W) {\n const { windows, windowSize } = calcWOpts(W, this.bits);\n const points = [];\n let p = point;\n let base = p;\n for (let window = 0; window < windows; window++) {\n base = p;\n points.push(base);\n // i=1, bc we skip 0\n for (let i = 1; i < windowSize; i++) {\n base = base.add(p);\n points.push(base);\n }\n p = base.double();\n }\n return points;\n }\n /**\n * Implements ec multiplication using precomputed tables and w-ary non-adjacent form.\n * More compact implementation:\n * https://github.com/paulmillr/noble-secp256k1/blob/47cb1669b6e506ad66b35fe7d76132ae97465da2/index.ts#L502-L541\n * @returns real and fake (for const-time) points\n */\n wNAF(W, precomputes, n) {\n // Scalar should be smaller than field order\n if (!this.Fn.isValid(n))\n throw new Error('invalid scalar');\n // Accumulators\n let p = this.ZERO;\n let f = this.BASE;\n // This code was first written with assumption that 'f' and 'p' will never be infinity point:\n // since each addition is multiplied by 2 ** W, it cannot cancel each other. However,\n // there is negate now: it is possible that negated element from low value\n // would be the same as high element, which will create carry into next window.\n // It's not obvious how this can fail, but still worth investigating later.\n const wo = calcWOpts(W, this.bits);\n for (let window = 0; window < wo.windows; window++) {\n // (n === _0n) is handled and not early-exited. 
isEven and offsetF are used for noise\n const { nextN, offset, isZero, isNeg, isNegF, offsetF } = calcOffsets(n, window, wo);\n n = nextN;\n if (isZero) {\n // bits are 0: add garbage to fake point\n // Important part for const-time getPublicKey: add random \"noise\" point to f.\n f = f.add(negateCt(isNegF, precomputes[offsetF]));\n }\n else {\n // bits are 1: add to result point\n p = p.add(negateCt(isNeg, precomputes[offset]));\n }\n }\n assert0(n);\n // Return both real and fake points: JIT won't eliminate f.\n // At this point there is a way to F be infinity-point even if p is not,\n // which makes it less const-time: around 1 bigint multiply.\n return { p, f };\n }\n /**\n * Implements ec unsafe (non const-time) multiplication using precomputed tables and w-ary non-adjacent form.\n * @param acc accumulator point to add result of multiplication\n * @returns point\n */\n wNAFUnsafe(W, precomputes, n, acc = this.ZERO) {\n const wo = calcWOpts(W, this.bits);\n for (let window = 0; window < wo.windows; window++) {\n if (n === _0n)\n break; // Early-exit, skip 0 value\n const { nextN, offset, isZero, isNeg } = calcOffsets(n, window, wo);\n n = nextN;\n if (isZero) {\n // Window bits are 0: skip processing.\n // Move to next window.\n continue;\n }\n else {\n const item = precomputes[offset];\n acc = acc.add(isNeg ? 
item.negate() : item); // Re-using acc allows to save adds in MSM\n }\n }\n assert0(n);\n return acc;\n }\n getPrecomputes(W, point, transform) {\n // Calculate precomputes on a first run, reuse them after\n let comp = pointPrecomputes.get(point);\n if (!comp) {\n comp = this.precomputeWindow(point, W);\n if (W !== 1) {\n // Doing transform outside of if brings 15% perf hit\n if (typeof transform === 'function')\n comp = transform(comp);\n pointPrecomputes.set(point, comp);\n }\n }\n return comp;\n }\n cached(point, scalar, transform) {\n const W = getW(point);\n return this.wNAF(W, this.getPrecomputes(W, point, transform), scalar);\n }\n unsafe(point, scalar, transform, prev) {\n const W = getW(point);\n if (W === 1)\n return this._unsafeLadder(point, scalar, prev); // For W=1 ladder is ~x2 faster\n return this.wNAFUnsafe(W, this.getPrecomputes(W, point, transform), scalar, prev);\n }\n // We calculate precomputes for elliptic curve point multiplication\n // using windowed method. This specifies window size and\n // stores precomputed values. Usually only base point would be precomputed.\n createCache(P, W) {\n validateW(W, this.bits);\n pointWindowSizes.set(P, W);\n pointPrecomputes.delete(P);\n }\n hasCache(elm) {\n return getW(elm) !== 1;\n }\n}\n/**\n * Endomorphism-specific multiplication for Koblitz curves.\n * Cost: 128 dbl, 0-256 adds.\n */\nexport function mulEndoUnsafe(Point, point, k1, k2) {\n let acc = point;\n let p1 = Point.ZERO;\n let p2 = Point.ZERO;\n while (k1 > _0n || k2 > _0n) {\n if (k1 & _1n)\n p1 = p1.add(acc);\n if (k2 & _1n)\n p2 = p2.add(acc);\n acc = acc.double();\n k1 >>= _1n;\n k2 >>= _1n;\n }\n return { p1, p2 };\n}\n/**\n * Pippenger algorithm for multi-scalar multiplication (MSM, Pa + Qb + Rc + ...).\n * 30x faster vs naive addition on L=4096, 10x faster than precomputes.\n * For N=254bit, L=1, it does: 1024 ADD + 254 DBL. 
For L=5: 1536 ADD + 254 DBL.\n * Algorithmically constant-time (for same L), even when 1 point + scalar, or when scalar = 0.\n * @param c Curve Point constructor\n * @param fieldN field over CURVE.N - important that it's not over CURVE.P\n * @param points array of L curve points\n * @param scalars array of L scalars (aka secret keys / bigints)\n */\nexport function pippenger(c, fieldN, points, scalars) {\n // If we split scalars by some window (let's say 8 bits), every chunk will only\n // take 256 buckets even if there are 4096 scalars, also re-uses double.\n // TODO:\n // - https://eprint.iacr.org/2024/750.pdf\n // - https://tches.iacr.org/index.php/TCHES/article/view/10287\n // 0 is accepted in scalars\n validateMSMPoints(points, c);\n validateMSMScalars(scalars, fieldN);\n const plength = points.length;\n const slength = scalars.length;\n if (plength !== slength)\n throw new Error('arrays of points and scalars must have equal length');\n // if (plength === 0) throw new Error('array must be of length >= 2');\n const zero = c.ZERO;\n const wbits = bitLen(BigInt(plength));\n let windowSize = 1; // bits\n if (wbits > 12)\n windowSize = wbits - 3;\n else if (wbits > 4)\n windowSize = wbits - 2;\n else if (wbits > 0)\n windowSize = 2;\n const MASK = bitMask(windowSize);\n const buckets = new Array(Number(MASK) + 1).fill(zero); // +1 for zero array\n const lastBits = Math.floor((fieldN.BITS - 1) / windowSize) * windowSize;\n let sum = zero;\n for (let i = lastBits; i >= 0; i -= windowSize) {\n buckets.fill(zero);\n for (let j = 0; j < slength; j++) {\n const scalar = scalars[j];\n const wbits = Number((scalar >> BigInt(i)) & MASK);\n buckets[wbits] = buckets[wbits].add(points[j]);\n }\n let resI = zero; // not using this will do small speed-up, but will lose ct\n // Skip first bucket, because it is zero\n for (let j = buckets.length - 1, sumI = zero; j > 0; j--) {\n sumI = sumI.add(buckets[j]);\n resI = resI.add(sumI);\n }\n sum = sum.add(resI);\n if (i !== 0)\n for 
(let j = 0; j < windowSize; j++)\n sum = sum.double();\n }\n return sum;\n}\n/**\n * Precomputed multi-scalar multiplication (MSM, Pa + Qb + Rc + ...).\n * @param c Curve Point constructor\n * @param fieldN field over CURVE.N - important that it's not over CURVE.P\n * @param points array of L curve points\n * @returns function which multiplies points with scaars\n */\nexport function precomputeMSMUnsafe(c, fieldN, points, windowSize) {\n /**\n * Performance Analysis of Window-based Precomputation\n *\n * Base Case (256-bit scalar, 8-bit window):\n * - Standard precomputation requires:\n * - 31 additions per scalar × 256 scalars = 7,936 ops\n * - Plus 255 summary additions = 8,191 total ops\n * Note: Summary additions can be optimized via accumulator\n *\n * Chunked Precomputation Analysis:\n * - Using 32 chunks requires:\n * - 255 additions per chunk\n * - 256 doublings\n * - Total: (255 × 32) + 256 = 8,416 ops\n *\n * Memory Usage Comparison:\n * Window Size | Standard Points | Chunked Points\n * ------------|-----------------|---------------\n * 4-bit | 520 | 15\n * 8-bit | 4,224 | 255\n * 10-bit | 13,824 | 1,023\n * 16-bit | 557,056 | 65,535\n *\n * Key Advantages:\n * 1. Enables larger window sizes due to reduced memory overhead\n * 2. 
More efficient for smaller scalar counts:\n * - 16 chunks: (16 × 255) + 256 = 4,336 ops\n * - ~2x faster than standard 8,191 ops\n *\n * Limitations:\n * - Not suitable for plain precomputes (requires 256 constant doublings)\n * - Performance degrades with larger scalar counts:\n * - Optimal for ~256 scalars\n * - Less efficient for 4096+ scalars (Pippenger preferred)\n */\n validateW(windowSize, fieldN.BITS);\n validateMSMPoints(points, c);\n const zero = c.ZERO;\n const tableSize = 2 ** windowSize - 1; // table size (without zero)\n const chunks = Math.ceil(fieldN.BITS / windowSize); // chunks of item\n const MASK = bitMask(windowSize);\n const tables = points.map((p) => {\n const res = [];\n for (let i = 0, acc = p; i < tableSize; i++) {\n res.push(acc);\n acc = acc.add(p);\n }\n return res;\n });\n return (scalars) => {\n validateMSMScalars(scalars, fieldN);\n if (scalars.length > points.length)\n throw new Error('array of scalars must be smaller than array of points');\n let res = zero;\n for (let i = 0; i < chunks; i++) {\n // No need to double if accumulator is still zero.\n if (res !== zero)\n for (let j = 0; j < windowSize; j++)\n res = res.double();\n const shiftBy = BigInt(chunks * windowSize - (i + 1) * windowSize);\n for (let j = 0; j < scalars.length; j++) {\n const n = scalars[j];\n const curr = Number((n >> shiftBy) & MASK);\n if (!curr)\n continue; // skip zero scalars chunks\n res = res.add(tables[j][curr - 1]);\n }\n }\n return res;\n };\n}\n// TODO: remove\n/** @deprecated */\nexport function validateBasic(curve) {\n validateField(curve.Fp);\n validateObject(curve, {\n n: 'bigint',\n h: 'bigint',\n Gx: 'field',\n Gy: 'field',\n }, {\n nBitLength: 'isSafeInteger',\n nByteLength: 'isSafeInteger',\n });\n // Set defaults\n return Object.freeze({\n ...nLength(curve.n, curve.nBitLength),\n ...curve,\n ...{ p: curve.Fp.ORDER },\n });\n}\nfunction createField(order, field, isLE) {\n if (field) {\n if (field.ORDER !== order)\n throw new 
Error('Field.ORDER must match order: Fp == p, Fn == n');\n validateField(field);\n return field;\n }\n else {\n return Field(order, { isLE });\n }\n}\n/** Validates CURVE opts and creates fields */\nexport function _createCurveFields(type, CURVE, curveOpts = {}, FpFnLE) {\n if (FpFnLE === undefined)\n FpFnLE = type === 'edwards';\n if (!CURVE || typeof CURVE !== 'object')\n throw new Error(`expected valid ${type} CURVE object`);\n for (const p of ['p', 'n', 'h']) {\n const val = CURVE[p];\n if (!(typeof val === 'bigint' && val > _0n))\n throw new Error(`CURVE.${p} must be positive bigint`);\n }\n const Fp = createField(CURVE.p, curveOpts.Fp, FpFnLE);\n const Fn = createField(CURVE.n, curveOpts.Fn, FpFnLE);\n const _b = type === 'weierstrass' ? 'b' : 'd';\n const params = ['Gx', 'Gy', 'a', _b];\n for (const p of params) {\n // @ts-ignore\n if (!Fp.isValid(CURVE[p]))\n throw new Error(`CURVE.${p} must be valid field element of CURVE.Fp`);\n }\n CURVE = Object.freeze(Object.assign({}, CURVE));\n return { CURVE, Fp, Fn };\n}\n//# 
sourceMappingURL=curve.js.map"],"names":["_0n","BigInt","_1n","negateCt","condition","item","neg","negate","normalizeZ","c","points","invertedZs","FpInvertBatch","Fp","map","p","Z","i","fromAffine","toAffine","validateW","W","bits","Number","isSafeInteger","Error","calcWOpts","scalarBits","maxNumber","windows","Math","ceil","windowSize","mask","bitMask","shiftBy","calcOffsets","n","window","wOpts","wbits","nextN","offsetStart","offset","abs","isZero","isNeg","isNegF","offsetF","pointPrecomputes","WeakMap","pointWindowSizes","getW","P","get","assert0","wNAF","constructor","Point","this","BASE","ZERO","Fn","_unsafeLadder","elm","d","add","double","precomputeWindow","point","base","push","precomputes","isValid","f","wo","wNAFUnsafe","acc","getPrecomputes","transform","comp","set","cached","scalar","unsafe","prev","createCache","delete","hasCache","pippenger","fieldN","scalars","Array","isArray","forEach","validateMSMPoints","field","s","validateMSMScalars","plength","length","slength","zero","bitLen","MASK","buckets","fill","sum","floor","BITS","j","resI","sumI","createField","order","isLE","ORDER","validateField","Field","_createCurveFields","type","CURVE","curveOpts","FpFnLE","undefined","val","params","Object","freeze","assign"],"mappings":";sEASA,MAAMA,EAAMC,OAAO,GACbC,EAAMD,OAAO,GA0Ib,SAAUE,EAAwCC,EAAoBC,GAC1E,MAAMC,EAAMD,EAAKE,SACjB,OAAOH,EAAYE,EAAMD,CAC3B,CAQM,SAAUG,EACdC,EACAC,GAEA,MAAMC,EAAaC,EACjBH,EAAEI,GACFH,EAAOI,IAAKC,GAAMA,EAAEC,IAEtB,OAAON,EAAOI,IAAI,CAACC,EAAGE,IAAMR,EAAES,WAAWH,EAAEI,SAASR,EAAWM,KACjE,CAEA,SAASG,EAAUC,EAAWC,GAC5B,IAAKC,OAAOC,cAAcH,IAAMA,GAAK,GAAKA,EAAIC,EAC5C,MAAM,IAAIG,MAAM,qCAAuCH,EAAO,YAAcD,EAChF,CAWA,SAASK,EAAUL,EAAWM,GAC5BP,EAAUC,EAAGM,GACb,MAEMC,EAAY,GAAKP,EAGvB,MAAO,CAAEQ,QALOC,KAAKC,KAAKJ,EAAaN,GAAK,EAK1BW,WAJC,IAAMX,EAAI,GAICY,KAFjBC,EAAQb,GAEeO,YAAWO,QAD/BlC,OAAOoB,GAEzB,CAEA,SAASe,EAAYC,EAAWC,EAAgBC,GAC9C,MAAMP,WAAEA,EAAUC,KAAEA,EAAIL,UAAEA,EAASO,QAAEA,GAAYI,EACjD,IAAIC,EAAQjB,OAAOc,EAAIJ,GACnBQ,EAAQJ,GAAKF,EAQbK,EAAQR,IAEV
Q,GAASZ,EACTa,GAASvC,GAEX,MAAMwC,EAAcJ,EAASN,EAM7B,MAAO,CAAES,QAAOE,OALDD,EAAcZ,KAAKc,IAAIJ,GAAS,EAKvBK,OAJC,IAAVL,EAIiBM,MAHlBN,EAAQ,EAGiBO,OAFxBT,EAAS,GAAM,EAEiBU,QAD/BN,EAElB,CAkBA,MAAMO,EAAmB,IAAIC,QACvBC,EAAmB,IAAID,QAE7B,SAASE,EAAKC,GAGZ,OAAOF,EAAiBG,IAAID,IAAM,CACpC,CAEA,SAASE,EAAQlB,GACf,GAAIA,IAAMrC,EAAK,MAAM,IAAIyB,MAAM,eACjC,CAoBM,MAAO+B,EAOXC,WAAAA,CAAYC,EAAWpC,GACrBqC,KAAKC,KAAOF,EAAME,KAClBD,KAAKE,KAAOH,EAAMG,KAClBF,KAAKG,GAAKJ,EAAMI,GAChBH,KAAKrC,KAAOA,CACd,CAGAyC,aAAAA,CAAcC,EAAe3B,EAAWtB,EAAc4C,KAAKE,MACzD,IAAII,EAAcD,EAClB,KAAO3B,EAAIrC,GACLqC,EAAInC,IAAKa,EAAIA,EAAEmD,IAAID,IACvBA,EAAIA,EAAEE,SACN9B,IAAMnC,EAER,OAAOa,CACT,CAcQqD,gBAAAA,CAAiBC,EAAiBhD,GACxC,MAAMQ,QAAEA,EAAOG,WAAEA,GAAeN,EAAUL,EAAGsC,KAAKrC,MAC5CZ,EAAqB,GAC3B,IAAIK,EAAcsD,EACdC,EAAOvD,EACX,IAAK,IAAIuB,EAAS,EAAGA,EAAST,EAASS,IAAU,CAC/CgC,EAAOvD,EACPL,EAAO6D,KAAKD,GAEZ,IAAK,IAAIrD,EAAI,EAAGA,EAAIe,EAAYf,IAC9BqD,EAAOA,EAAKJ,IAAInD,GAChBL,EAAO6D,KAAKD,GAEdvD,EAAIuD,EAAKH,QACX,CACA,OAAOzD,CACT,CAQQ8C,IAAAA,CAAKnC,EAAWmD,EAAyBnC,GAE/C,IAAKsB,KAAKG,GAAGW,QAAQpC,GAAI,MAAM,IAAIZ,MAAM,kBAEzC,IAAIV,EAAI4C,KAAKE,KACTa,EAAIf,KAAKC,KAMb,MAAMe,EAAKjD,EAAUL,EAAGsC,KAAKrC,MAC7B,IAAK,IAAIgB,EAAS,EAAGA,EAASqC,EAAG9C,QAASS,IAAU,CAElD,MAAMG,MAAEA,EAAKE,OAAEA,EAAME,OAAEA,EAAMC,MAAEA,EAAKC,OAAEA,EAAMC,QAAEA,GAAYZ,EAAYC,EAAGC,EAAQqC,GACjFtC,EAAII,EACAI,EAGF6B,EAAIA,EAAER,IAAI/D,EAAS4C,EAAQyB,EAAYxB,KAGvCjC,EAAIA,EAAEmD,IAAI/D,EAAS2C,EAAO0B,EAAY7B,IAE1C,CAKA,OAJAY,EAAQlB,GAID,CAAEtB,IAAG2D,IACd,CAOQE,UAAAA,CACNvD,EACAmD,EACAnC,EACAwC,EAAgBlB,KAAKE,MAErB,MAAMc,EAAKjD,EAAUL,EAAGsC,KAAKrC,MAC7B,IAAK,IAAIgB,EAAS,EAAGA,EAASqC,EAAG9C,SAC3BQ,IAAMrC,EAD8BsC,IAAU,CAElD,MAAMG,MAAEA,EAAKE,OAAEA,EAAME,OAAEA,EAAMC,MAAEA,GAAUV,EAAYC,EAAGC,EAAQqC,GAEhE,GADAtC,EAAII,GACAI,EAIG,CACL,MAAMxC,EAAOmE,EAAY7B,GACzBkC,EAAMA,EAAIX,IAAIpB,EAAQzC,EAAKE,SAAWF,EACxC,CACF,CAEA,OADAkD,EAAQlB,GACDwC,CACT,CAEQC,cAAAA,CAAezD,EAAWgD,EAAiBU,GAEjD,IAAIC,EAAO/B,EAAiBK,IAAIe,GAShC,OARKW,IACHA,EAAOrB,KAAKS,iBAAiBC,EAAOhD,GAC1B,IAANA,IAEuB,mBAAd0D
,IAA0BC,EAAOD,EAAUC,IACtD/B,EAAiBgC,IAAIZ,EAAOW,KAGzBA,CACT,CAEAE,MAAAA,CACEb,EACAc,EACAJ,GAEA,MAAM1D,EAAI+B,EAAKiB,GACf,OAAOV,KAAKH,KAAKnC,EAAGsC,KAAKmB,eAAezD,EAAGgD,EAAOU,GAAYI,EAChE,CAEAC,MAAAA,CAAOf,EAAiBc,EAAgBJ,EAA8BM,GACpE,MAAMhE,EAAI+B,EAAKiB,GACf,OAAU,IAANhD,EAAgBsC,KAAKI,cAAcM,EAAOc,EAAQE,GAC/C1B,KAAKiB,WAAWvD,EAAGsC,KAAKmB,eAAezD,EAAGgD,EAAOU,GAAYI,EAAQE,EAC9E,CAKAC,WAAAA,CAAYjC,EAAahC,GACvBD,EAAUC,EAAGsC,KAAKrC,MAClB6B,EAAiB8B,IAAI5B,EAAGhC,GACxB4B,EAAiBsC,OAAOlC,EAC1B,CAEAmC,QAAAA,CAASxB,GACP,OAAqB,IAAdZ,EAAKY,EACd,EAoCI,SAAUyB,EACdhF,EACAiF,EACAhF,EACAiF,IAzPF,SAA2BjF,EAAeD,GACxC,IAAKmF,MAAMC,QAAQnF,GAAS,MAAM,IAAIe,MAAM,kBAC5Cf,EAAOoF,QAAQ,CAAC/E,EAAGE,KACjB,KAAMF,aAAaN,GAAI,MAAM,IAAIgB,MAAM,0BAA4BR,IAEvE,CA4PE8E,CAAkBrF,EAAQD,GA3P5B,SAA4BkF,EAAgBK,GAC1C,IAAKJ,MAAMC,QAAQF,GAAU,MAAM,IAAIlE,MAAM,6BAC7CkE,EAAQG,QAAQ,CAACG,EAAGhF,KAClB,IAAK+E,EAAMvB,QAAQwB,GAAI,MAAM,IAAIxE,MAAM,2BAA6BR,IAExE,CAuPEiF,CAAmBP,EAASD,GAC5B,MAAMS,EAAUzF,EAAO0F,OACjBC,EAAUV,EAAQS,OACxB,GAAID,IAAYE,EAAS,MAAM,IAAI5E,MAAM,uDAEzC,MAAM6E,EAAO7F,EAAEoD,KACTrB,EAAQ+D,EAAOtG,OAAOkG,IAC5B,IAAInE,EAAa,EACbQ,EAAQ,GAAIR,EAAaQ,EAAQ,EAC5BA,EAAQ,EAAGR,EAAaQ,EAAQ,EAChCA,EAAQ,IAAGR,EAAa,GACjC,MAAMwE,EAAOtE,EAAQF,GACfyE,EAAU,IAAIb,MAAMrE,OAAOiF,GAAQ,GAAGE,KAAKJ,GAEjD,IAAIK,EAAML,EACV,IAAK,IAAIrF,EAFQa,KAAK8E,OAAOlB,EAAOmB,KAAO,GAAK7E,GAAcA,EAEvCf,GAAK,EAAGA,GAAKe,EAAY,CAC9CyE,EAAQC,KAAKJ,GACb,IAAK,IAAIQ,EAAI,EAAGA,EAAIT,EAASS,IAAK,CAChC,MAAM3B,EAASQ,EAAQmB,GACjBtE,EAAQjB,OAAQ4D,GAAUlF,OAAOgB,GAAMuF,GAC7CC,EAAQjE,GAASiE,EAAQjE,GAAO0B,IAAIxD,EAAOoG,GAC7C,CACA,IAAIC,EAAOT,EAEX,IAAK,IAAIQ,EAAIL,EAAQL,OAAS,EAAGY,EAAOV,EAAMQ,EAAI,EAAGA,IACnDE,EAAOA,EAAK9C,IAAIuC,EAAQK,IACxBC,EAAOA,EAAK7C,IAAI8C,GAGlB,GADAL,EAAMA,EAAIzC,IAAI6C,GACJ,IAAN9F,EAAS,IAAK,IAAI6F,EAAI,EAAGA,EAAI9E,EAAY8E,IAAKH,EAAMA,EAAIxC,QAC9D,CACA,OAAOwC,CACT,CAkJA,SAASM,EAAeC,EAAelB,EAAmBmB,GACxD,GAAInB,EAAO,CACT,GAAIA,EAAMoB,QAAUF,EAAO,MAAM,IAAIzF,MAAM,kDAE3C,OADA4F,EAAcrB,GACPA,CACT,CACE,OAAOsB,EAAMJ,EAAO,CAAEC,QAE1B,CAIM,SAAUI,EACdC,EACA
C,EACAC,EAA8B,CAAA,EAC9BC,GAGA,QADeC,IAAXD,IAAsBA,EAAkB,YAATH,IAC9BC,GAA0B,iBAAVA,EAAoB,MAAM,IAAIhG,MAAM,kBAAkB+F,kBAC3E,IAAK,MAAMzG,IAAK,CAAC,IAAK,IAAK,KAAe,CACxC,MAAM8G,EAAMJ,EAAM1G,GAClB,KAAqB,iBAAR8G,GAAoBA,EAAM7H,GACrC,MAAM,IAAIyB,MAAM,SAASV,4BAC7B,CACA,MAAMF,EAAKoG,EAAYQ,EAAM1G,EAAG2G,EAAU7G,GAAI8G,GACxC7D,EAAKmD,EAAYQ,EAAMpF,EAAGqF,EAAU5D,GAAI6D,GAExCG,EAAS,CAAC,KAAM,KAAM,IADyB,KAErD,IAAK,MAAM/G,KAAK+G,EAEd,IAAKjH,EAAG4D,QAAQgD,EAAM1G,IACpB,MAAM,IAAIU,MAAM,SAASV,6CAG7B,MAAO,CAAE0G,MADTA,EAAQM,OAAOC,OAAOD,OAAOE,OAAO,CAAA,EAAIR,IACxB5G,KAAIiD,KACtB","x_google_ignoreList":[0]}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import{
|
|
1
|
+
import{_validateObject as t,copyBytes as e,_abytes2 as r,_abool2 as n,bytesToNumberLE as i,aInRange as s,ensureBytes as o,memoized as a}from"../utils.js";import{_createCurveFields as u,wNAF as c,normalizeZ as h,pippenger as d}from"./curve.js";import{Field as f}from"./modular.js";import{bytesToHex as l,isBytes as y,concatBytes as p,randomBytes as m}from"../../../hashes/esm/utils.js";
|
|
2
2
|
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
|
|
3
|
-
const
|
|
3
|
+
const B=BigInt(0),w=BigInt(1),E=BigInt(2),g=BigInt(8);function x(f,y={}){const p=u("edwards",f,y,y.FpFnLE),{Fp:m,Fn:x}=p;let v=p.CURVE;const{h:b}=v;t(y,{},{uvRatio:"function"});const S=E<<BigInt(8*x.BYTES)-w,R=t=>m.create(t),O=y.uvRatio||((t,e)=>{try{return{isValid:!0,value:m.sqrt(m.div(t,e))}}catch(t){return{isValid:!1,value:B}}});if(!function(t,e,r,n){const i=t.sqr(r),s=t.sqr(n),o=t.add(t.mul(e.a,i),s),a=t.add(t.ONE,t.mul(e.d,t.mul(i,s)));return t.eql(o,a)}(m,v,v.Gx,v.Gy))throw new Error("bad curve params: generator point");function Z(t,e,r=!1){return s("coordinate "+t,e,r?w:B,S),e}function T(t){if(!(t instanceof Y))throw new Error("ExtendedPoint expected")}const K=a((t,e)=>{const{X:r,Y:n,Z:i}=t,s=t.is0();null==e&&(e=s?g:m.inv(i));const o=R(r*e),a=R(n*e),u=m.mul(i,e);if(s)return{x:B,y:w};if(u!==w)throw new Error("invZ was invalid");return{x:o,y:a}}),F=a(t=>{const{a:e,d:r}=v;if(t.is0())throw new Error("bad point: ZERO");const{X:n,Y:i,Z:s,T:o}=t,a=R(n*n),u=R(i*i),c=R(s*s),h=R(c*c),d=R(a*e);if(R(c*R(d+u))!==R(h+R(r*R(a*u))))throw new Error("bad point: equation left != right (1)");if(R(n*i)!==R(s*o))throw new Error("bad point: equation left != right (2)");return!0});class Y{constructor(t,e,r,n){this.X=Z("x",t),this.Y=Z("y",e),this.Z=Z("z",r,!0),this.T=Z("t",n),Object.freeze(this)}static CURVE(){return v}static fromAffine(t){if(t instanceof Y)throw new Error("extended point not allowed");const{x:e,y:r}=t||{};return Z("x",e),Z("y",r),new Y(e,r,w,R(e*r))}static fromBytes(t,o=!1){const a=m.BYTES,{a:u,d:c}=v;t=e(r(t,a,"point")),n(o,"zip215");const h=e(t),d=t[a-1];h[a-1]=-129&d;const f=i(h),l=o?S:m.ORDER;s("point.y",f,B,l);const y=R(f*f),p=R(y-w),E=R(c*y-u);let{isValid:g,value:x}=O(p,E);if(!g)throw new Error("bad point: invalid y coordinate");const b=(x&w)===w,Z=!!(128&d);if(!o&&x===B&&Z)throw new Error("bad point: x=0 and x_0=1");return Z!==b&&(x=R(-x)),Y.fromAffine({x:x,y:f})}static fromHex(t,e=!1){return Y.fromBytes(o("point",t),e)}get x(){return this.toAffine().x}get 
y(){return this.toAffine().y}precompute(t=8,e=!0){return V.createCache(this,t),e||this.multiply(E),this}assertValidity(){F(this)}equals(t){T(t);const{X:e,Y:r,Z:n}=this,{X:i,Y:s,Z:o}=t,a=R(e*o),u=R(i*n),c=R(r*o),h=R(s*n);return a===u&&c===h}is0(){return this.equals(Y.ZERO)}negate(){return new Y(R(-this.X),this.Y,this.Z,R(-this.T))}double(){const{a:t}=v,{X:e,Y:r,Z:n}=this,i=R(e*e),s=R(r*r),o=R(E*R(n*n)),a=R(t*i),u=e+r,c=R(R(u*u)-i-s),h=a+s,d=h-o,f=a-s,l=R(c*d),y=R(h*f),p=R(c*f),m=R(d*h);return new Y(l,y,m,p)}add(t){T(t);const{a:e,d:r}=v,{X:n,Y:i,Z:s,T:o}=this,{X:a,Y:u,Z:c,T:h}=t,d=R(n*a),f=R(i*u),l=R(o*r*h),y=R(s*c),p=R((n+i)*(a+u)-d-f),m=y-l,B=y+l,w=R(f-e*d),E=R(p*m),g=R(B*w),x=R(p*w),b=R(m*B);return new Y(E,g,b,x)}subtract(t){return this.add(t.negate())}multiply(t){if(!x.isValidNot0(t))throw new Error("invalid scalar: expected 1 <= sc < curve.n");const{p:e,f:r}=V.cached(this,t,t=>h(Y,t));return h(Y,[e,r])[0]}multiplyUnsafe(t,e=Y.ZERO){if(!x.isValid(t))throw new Error("invalid scalar: expected 0 <= sc < curve.n");return t===B?Y.ZERO:this.is0()||t===w?this:V.unsafe(this,t,t=>h(Y,t),e)}isSmallOrder(){return this.multiplyUnsafe(b).is0()}isTorsionFree(){return V.unsafe(this,v.n).is0()}toAffine(t){return K(this,t)}clearCofactor(){return b===w?this:this.multiplyUnsafe(b)}toBytes(){const{x:t,y:e}=this.toAffine(),r=m.toBytes(e);return r[r.length-1]|=t&w?128:0,r}toHex(){return l(this.toBytes())}toString(){return`<Point ${this.is0()?"ZERO":this.toHex()}>`}get ex(){return this.X}get ey(){return this.Y}get ez(){return this.Z}get et(){return this.T}static normalizeZ(t){return h(Y,t)}static msm(t,e){return d(Y,x,t,e)}_setWindowSize(t){this.precompute(t)}toRawBytes(){return this.toBytes()}}Y.BASE=new Y(v.Gx,v.Gy,w,R(v.Gx*v.Gy)),Y.ZERO=new Y(B,w,w,B),Y.Fp=m,Y.Fn=x;const V=new c(Y,x.BITS);return Y.BASE.precompute(8),Y}function v(e,s,a={}){if("function"!=typeof s)throw new Error('"hash" function param is 
required');t(a,{},{adjustScalarBytes:"function",randomBytes:"function",domain:"function",prehash:"function",mapToCurve:"function"});const{prehash:u}=a,{BASE:c,Fp:h,Fn:d}=e,f=a.randomBytes||m,l=a.adjustScalarBytes||(t=>t),B=a.domain||((t,e,r)=>{if(n(r,"phflag"),e.length||r)throw new Error("Contexts/pre-hash are not supported");return t});function E(t){return d.create(i(t))}function g(t){const{head:e,prefix:r,scalar:n}=function(t){const e=R.secretKey;t=o("private key",t,e);const r=o("hashed private key",s(t),2*e),n=l(r.slice(0,e));return{head:n,prefix:r.slice(e,2*e),scalar:E(n)}}(t),i=c.multiply(n),a=i.toBytes();return{head:e,prefix:r,scalar:n,point:i,pointBytes:a}}function x(t){return g(t).pointBytes}function v(t=Uint8Array.of(),...e){const r=p(...e);return E(s(B(r,o("context",t),!!u)))}const b={zip215:!0};const S=h.BYTES,R={secretKey:S,publicKey:S,signature:2*S,seed:S};function O(t=f(R.seed)){return r(t,R.seed,"seed")}const Z={getExtendedPublicKey:g,randomSecretKey:O,isValidSecretKey:function(t){return y(t)&&t.length===d.BYTES},isValidPublicKey:function(t,r){try{return!!e.fromBytes(t,r)}catch(t){return!1}},toMontgomery(t){const{y:r}=e.fromBytes(t),n=R.publicKey,i=32===n;if(!i&&57!==n)throw new Error("only defined for 25519 and 448");const s=i?h.div(w+r,w-r):h.div(r-w,r+w);return h.toBytes(s)},toMontgomerySecret(t){const e=R.secretKey;r(t,e);const n=s(t.subarray(0,e));return l(n).subarray(0,e)},randomPrivateKey:O,precompute:(t=8,r=e.BASE)=>r.precompute(t,!1)};return Object.freeze({keygen:function(t){const e=Z.randomSecretKey(t);return{secretKey:e,publicKey:x(e)}},getPublicKey:x,sign:function(t,e,n={}){t=o("message",t),u&&(t=u(t));const{prefix:i,scalar:s,pointBytes:a}=g(e),h=v(n.context,i,t),f=c.multiply(h).toBytes(),l=v(n.context,f,a,t),y=d.create(h+l*s);if(!d.isValid(y))throw new Error("sign failed: invalid s");const m=p(f,d.toBytes(y));return 
r(m,R.signature,"result")},verify:function(t,r,s,a=b){const{context:h,zip215:d}=a,f=R.signature;t=o("signature",t,f),r=o("message",r),s=o("publicKey",s,R.publicKey),void 0!==d&&n(d,"zip215"),u&&(r=u(r));const l=f/2,y=t.subarray(0,l),p=i(t.subarray(l,f));let m,B,w;try{m=e.fromBytes(s,d),B=e.fromBytes(y,d),w=c.multiplyUnsafe(p)}catch(t){return!1}if(!d&&m.isSmallOrder())return!1;const E=v(h,B.toBytes(),m.toBytes(),r);return B.add(m.multiplyUnsafe(E)).subtract(w).clearCofactor().is0()},utils:Z,Point:e,lengths:R})}function b(t){const{CURVE:e,curveOpts:r,hash:n,eddsaOpts:i}=function(t){const e={a:t.a,d:t.d,p:t.Fp.ORDER,n:t.n,h:t.h,Gx:t.Gx,Gy:t.Gy},r={Fp:t.Fp,Fn:f(e.n,t.nBitLength,!0),uvRatio:t.uvRatio},n={randomBytes:t.randomBytes,adjustScalarBytes:t.adjustScalarBytes,domain:t.domain,prehash:t.prehash,mapToCurve:t.mapToCurve};return{CURVE:e,curveOpts:r,hash:t.hash,eddsaOpts:n}}(t);return function(t,e){const r=e.Point;return Object.assign({},e,{ExtendedPoint:r,CURVE:t,nBitLength:r.Fn.BITS,nByteLength:r.Fn.BYTES})}(t,v(x(e,r),n,i))}export{v as eddsa,x as edwards,b as twistedEdwards};
|
|
4
4
|
//# sourceMappingURL=edwards.js.map
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"edwards.js","sources":["../../../../../../../node_modules/@noble/curves/esm/abstract/edwards.js"],"sourcesContent":["/**\n * Twisted Edwards curve. The formula is: ax² + y² = 1 + dx²y².\n * For design rationale of types / exports, see weierstrass module documentation.\n * @module\n */\n/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\n// prettier-ignore\nimport { pippenger, validateBasic, wNAF } from \"./curve.js\";\nimport { Field, FpInvertBatch, mod } from \"./modular.js\";\n// prettier-ignore\nimport { abool, aInRange, bytesToHex, bytesToNumberLE, concatBytes, ensureBytes, memoized, numberToBytesLE, validateObject } from \"./utils.js\";\n// Be friendly to bad ECMAScript parsers by not using bigint literals\n// prettier-ignore\nconst _0n = BigInt(0), _1n = BigInt(1), _2n = BigInt(2), _8n = BigInt(8);\n// verification rule is either zip215 or rfc8032 / nist186-5. Consult fromHex:\nconst VERIFY_DEFAULT = { zip215: true };\nfunction validateOpts(curve) {\n const opts = validateBasic(curve);\n validateObject(curve, {\n hash: 'function',\n a: 'bigint',\n d: 'bigint',\n randomBytes: 'function',\n }, {\n adjustScalarBytes: 'function',\n domain: 'function',\n uvRatio: 'function',\n mapToCurve: 'function',\n });\n // Set defaults\n return Object.freeze({ ...opts });\n}\n/**\n * Creates Twisted Edwards curve with EdDSA signatures.\n * @example\n * import { Field } from '@noble/curves/abstract/modular';\n * // Before that, define BigInt-s: a, d, p, n, Gx, Gy, h\n * const curve = twistedEdwards({ a, d, Fp: Field(p), n, Gx, Gy, h })\n */\nexport function twistedEdwards(curveDef) {\n const CURVE = validateOpts(curveDef);\n const { Fp, n: CURVE_ORDER, prehash: prehash, hash: cHash, randomBytes, nByteLength, h: cofactor, } = CURVE;\n // Important:\n // There are some places where Fp.BYTES is used instead of nByteLength.\n // So far, everything has been tested with curves of Fp.BYTES == nByteLength.\n // TODO: test and find curves which 
behave otherwise.\n const MASK = _2n << (BigInt(nByteLength * 8) - _1n);\n const modP = Fp.create; // Function overrides\n const Fn = Field(CURVE.n, CURVE.nBitLength);\n function isEdValidXY(x, y) {\n const x2 = Fp.sqr(x);\n const y2 = Fp.sqr(y);\n const left = Fp.add(Fp.mul(CURVE.a, x2), y2);\n const right = Fp.add(Fp.ONE, Fp.mul(CURVE.d, Fp.mul(x2, y2)));\n return Fp.eql(left, right);\n }\n // Validate whether the passed curve params are valid.\n // equation ax² + y² = 1 + dx²y² should work for generator point.\n if (!isEdValidXY(CURVE.Gx, CURVE.Gy))\n throw new Error('bad curve params: generator point');\n // sqrt(u/v)\n const uvRatio = CURVE.uvRatio ||\n ((u, v) => {\n try {\n return { isValid: true, value: Fp.sqrt(u * Fp.inv(v)) };\n }\n catch (e) {\n return { isValid: false, value: _0n };\n }\n });\n const adjustScalarBytes = CURVE.adjustScalarBytes || ((bytes) => bytes); // NOOP\n const domain = CURVE.domain ||\n ((data, ctx, phflag) => {\n abool('phflag', phflag);\n if (ctx.length || phflag)\n throw new Error('Contexts/pre-hash are not supported');\n return data;\n }); // NOOP\n // 0 <= n < MASK\n // Coordinates larger than Fp.ORDER are allowed for zip215\n function aCoordinate(title, n, banZero = false) {\n const min = banZero ? _1n : _0n;\n aInRange('coordinate ' + title, n, min, MASK);\n }\n function aextpoint(other) {\n if (!(other instanceof Point))\n throw new Error('ExtendedPoint expected');\n }\n // Converts Extended point to default (x, y) coordinates.\n // Can accept precomputed Z^-1 - for example, from invertBatch.\n const toAffineMemo = memoized((p, iz) => {\n const { ex: x, ey: y, ez: z } = p;\n const is0 = p.is0();\n if (iz == null)\n iz = is0 ? 
_8n : Fp.inv(z); // 8 was chosen arbitrarily\n const ax = modP(x * iz);\n const ay = modP(y * iz);\n const zz = modP(z * iz);\n if (is0)\n return { x: _0n, y: _1n };\n if (zz !== _1n)\n throw new Error('invZ was invalid');\n return { x: ax, y: ay };\n });\n const assertValidMemo = memoized((p) => {\n const { a, d } = CURVE;\n if (p.is0())\n throw new Error('bad point: ZERO'); // TODO: optimize, with vars below?\n // Equation in affine coordinates: ax² + y² = 1 + dx²y²\n // Equation in projective coordinates (X/Z, Y/Z, Z): (aX² + Y²)Z² = Z⁴ + dX²Y²\n const { ex: X, ey: Y, ez: Z, et: T } = p;\n const X2 = modP(X * X); // X²\n const Y2 = modP(Y * Y); // Y²\n const Z2 = modP(Z * Z); // Z²\n const Z4 = modP(Z2 * Z2); // Z⁴\n const aX2 = modP(X2 * a); // aX²\n const left = modP(Z2 * modP(aX2 + Y2)); // (aX² + Y²)Z²\n const right = modP(Z4 + modP(d * modP(X2 * Y2))); // Z⁴ + dX²Y²\n if (left !== right)\n throw new Error('bad point: equation left != right (1)');\n // In Extended coordinates we also have T, which is x*y=T/Z: check X*Y == Z*T\n const XY = modP(X * Y);\n const ZT = modP(Z * T);\n if (XY !== ZT)\n throw new Error('bad point: equation left != right (2)');\n return true;\n });\n // Extended Point works in extended coordinates: (X, Y, Z, T) ∋ (x=X/Z, y=Y/Z, T=xy).\n // https://en.wikipedia.org/wiki/Twisted_Edwards_curve#Extended_coordinates\n class Point {\n constructor(ex, ey, ez, et) {\n aCoordinate('x', ex);\n aCoordinate('y', ey);\n aCoordinate('z', ez, true);\n aCoordinate('t', et);\n this.ex = ex;\n this.ey = ey;\n this.ez = ez;\n this.et = et;\n Object.freeze(this);\n }\n get x() {\n return this.toAffine().x;\n }\n get y() {\n return this.toAffine().y;\n }\n static fromAffine(p) {\n if (p instanceof Point)\n throw new Error('extended point not allowed');\n const { x, y } = p || {};\n aCoordinate('x', x);\n aCoordinate('y', y);\n return new Point(x, y, _1n, modP(x * y));\n }\n static normalizeZ(points) {\n const toInv = FpInvertBatch(Fp, points.map((p) => 
p.ez));\n return points.map((p, i) => p.toAffine(toInv[i])).map(Point.fromAffine);\n }\n // Multiscalar Multiplication\n static msm(points, scalars) {\n return pippenger(Point, Fn, points, scalars);\n }\n // \"Private method\", don't use it directly\n _setWindowSize(windowSize) {\n wnaf.setWindowSize(this, windowSize);\n }\n // Not required for fromHex(), which always creates valid points.\n // Could be useful for fromAffine().\n assertValidity() {\n assertValidMemo(this);\n }\n // Compare one point to another.\n equals(other) {\n aextpoint(other);\n const { ex: X1, ey: Y1, ez: Z1 } = this;\n const { ex: X2, ey: Y2, ez: Z2 } = other;\n const X1Z2 = modP(X1 * Z2);\n const X2Z1 = modP(X2 * Z1);\n const Y1Z2 = modP(Y1 * Z2);\n const Y2Z1 = modP(Y2 * Z1);\n return X1Z2 === X2Z1 && Y1Z2 === Y2Z1;\n }\n is0() {\n return this.equals(Point.ZERO);\n }\n negate() {\n // Flips point sign to a negative one (-x, y in affine coords)\n return new Point(modP(-this.ex), this.ey, this.ez, modP(-this.et));\n }\n // Fast algo for doubling Extended Point.\n // https://hyperelliptic.org/EFD/g1p/auto-twisted-extended.html#doubling-dbl-2008-hwcd\n // Cost: 4M + 4S + 1*a + 6add + 1*2.\n double() {\n const { a } = CURVE;\n const { ex: X1, ey: Y1, ez: Z1 } = this;\n const A = modP(X1 * X1); // A = X12\n const B = modP(Y1 * Y1); // B = Y12\n const C = modP(_2n * modP(Z1 * Z1)); // C = 2*Z12\n const D = modP(a * A); // D = a*A\n const x1y1 = X1 + Y1;\n const E = modP(modP(x1y1 * x1y1) - A - B); // E = (X1+Y1)2-A-B\n const G = D + B; // G = D+B\n const F = G - C; // F = G-C\n const H = D - B; // H = D-B\n const X3 = modP(E * F); // X3 = E*F\n const Y3 = modP(G * H); // Y3 = G*H\n const T3 = modP(E * H); // T3 = E*H\n const Z3 = modP(F * G); // Z3 = F*G\n return new Point(X3, Y3, Z3, T3);\n }\n // Fast algo for adding 2 Extended Points.\n // https://hyperelliptic.org/EFD/g1p/auto-twisted-extended.html#addition-add-2008-hwcd\n // Cost: 9M + 1*a + 1*d + 7add.\n add(other) {\n aextpoint(other);\n 
const { a, d } = CURVE;\n const { ex: X1, ey: Y1, ez: Z1, et: T1 } = this;\n const { ex: X2, ey: Y2, ez: Z2, et: T2 } = other;\n const A = modP(X1 * X2); // A = X1*X2\n const B = modP(Y1 * Y2); // B = Y1*Y2\n const C = modP(T1 * d * T2); // C = T1*d*T2\n const D = modP(Z1 * Z2); // D = Z1*Z2\n const E = modP((X1 + Y1) * (X2 + Y2) - A - B); // E = (X1+Y1)*(X2+Y2)-A-B\n const F = D - C; // F = D-C\n const G = D + C; // G = D+C\n const H = modP(B - a * A); // H = B-a*A\n const X3 = modP(E * F); // X3 = E*F\n const Y3 = modP(G * H); // Y3 = G*H\n const T3 = modP(E * H); // T3 = E*H\n const Z3 = modP(F * G); // Z3 = F*G\n return new Point(X3, Y3, Z3, T3);\n }\n subtract(other) {\n return this.add(other.negate());\n }\n wNAF(n) {\n return wnaf.wNAFCached(this, n, Point.normalizeZ);\n }\n // Constant-time multiplication.\n multiply(scalar) {\n const n = scalar;\n aInRange('scalar', n, _1n, CURVE_ORDER); // 1 <= scalar < L\n const { p, f } = this.wNAF(n);\n return Point.normalizeZ([p, f])[0];\n }\n // Non-constant-time multiplication. Uses double-and-add algorithm.\n // It's faster, but should only be used when you don't care about\n // an exposed private key e.g. 
sig verification.\n // Does NOT allow scalars higher than CURVE.n.\n // Accepts optional accumulator to merge with multiply (important for sparse scalars)\n multiplyUnsafe(scalar, acc = Point.ZERO) {\n const n = scalar;\n aInRange('scalar', n, _0n, CURVE_ORDER); // 0 <= scalar < L\n if (n === _0n)\n return I;\n if (this.is0() || n === _1n)\n return this;\n return wnaf.wNAFCachedUnsafe(this, n, Point.normalizeZ, acc);\n }\n // Checks if point is of small order.\n // If you add something to small order point, you will have \"dirty\"\n // point with torsion component.\n // Multiplies point by cofactor and checks if the result is 0.\n isSmallOrder() {\n return this.multiplyUnsafe(cofactor).is0();\n }\n // Multiplies point by curve order and checks if the result is 0.\n // Returns `false` is the point is dirty.\n isTorsionFree() {\n return wnaf.unsafeLadder(this, CURVE_ORDER).is0();\n }\n // Converts Extended point to default (x, y) coordinates.\n // Can accept precomputed Z^-1 - for example, from invertBatch.\n toAffine(iz) {\n return toAffineMemo(this, iz);\n }\n clearCofactor() {\n const { h: cofactor } = CURVE;\n if (cofactor === _1n)\n return this;\n return this.multiplyUnsafe(cofactor);\n }\n // Converts hash string or Uint8Array to Point.\n // Uses algo from RFC8032 5.1.3.\n static fromHex(hex, zip215 = false) {\n const { d, a } = CURVE;\n const len = Fp.BYTES;\n hex = ensureBytes('pointHex', hex, len); // copy hex to a new array\n abool('zip215', zip215);\n const normed = hex.slice(); // copy again, we'll manipulate it\n const lastByte = hex[len - 1]; // select last byte\n normed[len - 1] = lastByte & ~0x80; // clear last bit\n const y = bytesToNumberLE(normed);\n // zip215=true is good for consensus-critical apps. =false follows RFC8032 / NIST186-5.\n // RFC8032 prohibits >= p, but ZIP215 doesn't\n // zip215=true: 0 <= y < MASK (2^256 for ed25519)\n // zip215=false: 0 <= y < P (2^255-19 for ed25519)\n const max = zip215 ? 
MASK : Fp.ORDER;\n aInRange('pointHex.y', y, _0n, max);\n // Ed25519: x² = (y²-1)/(dy²+1) mod p. Ed448: x² = (y²-1)/(dy²-1) mod p. Generic case:\n // ax²+y²=1+dx²y² => y²-1=dx²y²-ax² => y²-1=x²(dy²-a) => x²=(y²-1)/(dy²-a)\n const y2 = modP(y * y); // denominator is always non-0 mod p.\n const u = modP(y2 - _1n); // u = y² - 1\n const v = modP(d * y2 - a); // v = d y² + 1.\n let { isValid, value: x } = uvRatio(u, v); // √(u/v)\n if (!isValid)\n throw new Error('Point.fromHex: invalid y coordinate');\n const isXOdd = (x & _1n) === _1n; // There are 2 square roots. Use x_0 bit to select proper\n const isLastByteOdd = (lastByte & 0x80) !== 0; // x_0, last bit\n if (!zip215 && x === _0n && isLastByteOdd)\n // if x=0 and x_0 = 1, fail\n throw new Error('Point.fromHex: x=0 and x_0=1');\n if (isLastByteOdd !== isXOdd)\n x = modP(-x); // if x_0 != x mod 2, set x = p-x\n return Point.fromAffine({ x, y });\n }\n static fromPrivateKey(privKey) {\n const { scalar } = getPrivateScalar(privKey);\n return G.multiply(scalar); // reduced one call of `toRawBytes`\n }\n toRawBytes() {\n const { x, y } = this.toAffine();\n const bytes = numberToBytesLE(y, Fp.BYTES); // each y has 2 x values (x, -y)\n bytes[bytes.length - 1] |= x & _1n ? 
0x80 : 0; // when compressing, it's enough to store y\n return bytes; // and use the last byte to encode sign of x\n }\n toHex() {\n return bytesToHex(this.toRawBytes()); // Same as toRawBytes, but returns string.\n }\n }\n // base / generator point\n Point.BASE = new Point(CURVE.Gx, CURVE.Gy, _1n, modP(CURVE.Gx * CURVE.Gy));\n // zero / infinity / identity point\n Point.ZERO = new Point(_0n, _1n, _1n, _0n); // 0, 1, 1, 0\n const { BASE: G, ZERO: I } = Point;\n const wnaf = wNAF(Point, nByteLength * 8);\n function modN(a) {\n return mod(a, CURVE_ORDER);\n }\n // Little-endian SHA512 with modulo n\n function modN_LE(hash) {\n return modN(bytesToNumberLE(hash));\n }\n // Get the hashed private scalar per RFC8032 5.1.5\n function getPrivateScalar(key) {\n const len = Fp.BYTES;\n key = ensureBytes('private key', key, len);\n // Hash private key with curve's hash function to produce uniformingly random input\n // Check byte lengths: ensure(64, h(ensure(32, key)))\n const hashed = ensureBytes('hashed private key', cHash(key), 2 * len);\n const head = adjustScalarBytes(hashed.slice(0, len)); // clear first half bits, produce FE\n const prefix = hashed.slice(len, 2 * len); // second half is called key prefix (5.1.6)\n const scalar = modN_LE(head); // The actual private scalar\n return { head, prefix, scalar };\n }\n // Convenience method that creates public key from scalar. RFC8032 5.1.5\n function getExtendedPublicKey(key) {\n const { head, prefix, scalar } = getPrivateScalar(key);\n const point = G.multiply(scalar); // Point on Edwards curve aka public key\n const pointBytes = point.toRawBytes(); // Uint8Array representation\n return { head, prefix, scalar, point, pointBytes };\n }\n // Calculates EdDSA pub key. RFC8032 5.1.5. Privkey is hashed. 
Use first half with 3 bits cleared\n function getPublicKey(privKey) {\n return getExtendedPublicKey(privKey).pointBytes;\n }\n // int('LE', SHA512(dom2(F, C) || msgs)) mod N\n function hashDomainToScalar(context = Uint8Array.of(), ...msgs) {\n const msg = concatBytes(...msgs);\n return modN_LE(cHash(domain(msg, ensureBytes('context', context), !!prehash)));\n }\n /** Signs message with privateKey. RFC8032 5.1.6 */\n function sign(msg, privKey, options = {}) {\n msg = ensureBytes('message', msg);\n if (prehash)\n msg = prehash(msg); // for ed25519ph etc.\n const { prefix, scalar, pointBytes } = getExtendedPublicKey(privKey);\n const r = hashDomainToScalar(options.context, prefix, msg); // r = dom2(F, C) || prefix || PH(M)\n const R = G.multiply(r).toRawBytes(); // R = rG\n const k = hashDomainToScalar(options.context, R, pointBytes, msg); // R || A || PH(M)\n const s = modN(r + k * scalar); // S = (r + k * s) mod L\n aInRange('signature.s', s, _0n, CURVE_ORDER); // 0 <= s < l\n const res = concatBytes(R, numberToBytesLE(s, Fp.BYTES));\n return ensureBytes('result', res, Fp.BYTES * 2); // 64-byte signature\n }\n const verifyOpts = VERIFY_DEFAULT;\n /**\n * Verifies EdDSA signature against message and public key. RFC8032 5.1.7.\n * An extended group equation is checked.\n */\n function verify(sig, msg, publicKey, options = verifyOpts) {\n const { context, zip215 } = options;\n const len = Fp.BYTES; // Verifies EdDSA signature against message and public key. RFC8032 5.1.7.\n sig = ensureBytes('signature', sig, 2 * len); // An extended group equation is checked.\n msg = ensureBytes('message', msg);\n publicKey = ensureBytes('publicKey', publicKey, len);\n if (zip215 !== undefined)\n abool('zip215', zip215);\n if (prehash)\n msg = prehash(msg); // for ed25519ph, etc\n const s = bytesToNumberLE(sig.slice(len, 2 * len));\n let A, R, SB;\n try {\n // zip215=true is good for consensus-critical apps. 
=false follows RFC8032 / NIST186-5.\n // zip215=true: 0 <= y < MASK (2^256 for ed25519)\n // zip215=false: 0 <= y < P (2^255-19 for ed25519)\n A = Point.fromHex(publicKey, zip215);\n R = Point.fromHex(sig.slice(0, len), zip215);\n SB = G.multiplyUnsafe(s); // 0 <= s < l is done inside\n }\n catch (error) {\n return false;\n }\n if (!zip215 && A.isSmallOrder())\n return false;\n const k = hashDomainToScalar(context, R.toRawBytes(), A.toRawBytes(), msg);\n const RkA = R.add(A.multiplyUnsafe(k));\n // Extended group equation\n // [8][S]B = [8]R + [8][k]A'\n return RkA.subtract(SB).clearCofactor().equals(Point.ZERO);\n }\n G._setWindowSize(8); // Enable precomputes. Slows down first publicKey computation by 20ms.\n const utils = {\n getExtendedPublicKey,\n /** ed25519 priv keys are uniform 32b. No need to check for modulo bias, like in secp256k1. */\n randomPrivateKey: () => randomBytes(Fp.BYTES),\n /**\n * We're doing scalar multiplication (used in getPublicKey etc) with precomputed BASE_POINT\n * values. 
This slows down first getPublicKey() by milliseconds (see Speed section),\n * but allows to speed-up subsequent getPublicKey() calls up to 20x.\n * @param windowSize 2, 4, 8, 16\n */\n precompute(windowSize = 8, point = Point.BASE) {\n point._setWindowSize(windowSize);\n point.multiply(BigInt(3));\n return point;\n },\n };\n return {\n CURVE,\n getPublicKey,\n sign,\n verify,\n ExtendedPoint: Point,\n utils,\n };\n}\n//# sourceMappingURL=edwards.js.map"],"names":["_0n","BigInt","_1n","_2n","_8n","VERIFY_DEFAULT","zip215","twistedEdwards","curveDef","CURVE","curve","opts","validateBasic","validateObject","hash","a","d","randomBytes","adjustScalarBytes","domain","uvRatio","mapToCurve","Object","freeze","validateOpts","Fp","n","CURVE_ORDER","prehash","cHash","nByteLength","h","cofactor","MASK","modP","create","Fn","Field","nBitLength","x","y","x2","sqr","y2","left","add","mul","right","ONE","eql","isEdValidXY","Gx","Gy","Error","u","v","isValid","value","sqrt","inv","e","bytes","data","ctx","phflag","abool","length","aCoordinate","title","banZero","aInRange","aextpoint","other","Point","toAffineMemo","memoized","p","iz","ex","ey","ez","z","is0","ax","ay","zz","assertValidMemo","X","Y","Z","et","T","X2","Y2","Z2","Z4","aX2","constructor","this","toAffine","fromAffine","normalizeZ","points","toInv","FpInvertBatch","map","i","msm","scalars","pippenger","_setWindowSize","windowSize","wnaf","setWindowSize","assertValidity","equals","X1","Y1","Z1","X1Z2","X2Z1","Y1Z2","Y2Z1","ZERO","negate","double","A","B","C","D","x1y1","E","G","F","H","X3","Y3","T3","Z3","T1","T2","subtract","wNAF","wNAFCached","multiply","scalar","f","multiplyUnsafe","acc","I","wNAFCachedUnsafe","isSmallOrder","isTorsionFree","unsafeLadder","clearCofactor","fromHex","hex","len","BYTES","ensureBytes","normed","slice","lastByte","bytesToNumberLE","max","ORDER","isXOdd","isLastByteOdd","fromPrivateKey","privKey","getPrivateScalar","toRawBytes","numberToBytesLE","toHex","bytesToHex","BASE","modN","mod","modN
_LE","key","hashed","head","prefix","getExtendedPublicKey","point","pointBytes","hashDomainToScalar","context","Uint8Array","of","msgs","msg","concatBytes","verifyOpts","getPublicKey","sign","options","r","R","s","res","verify","sig","publicKey","undefined","SB","error","k","ExtendedPoint","utils","randomPrivateKey","precompute"],"mappings":";;AAqBA,MAAMA,EAAMC,OAAO,GAAIC,EAAMD,OAAO,GAAIE,EAAMF,OAAO,GAAIG,EAAMH,OAAO,GAkBhEI,EAAiB,CAAEC,QAAQ,GAsF3B,SAAUC,EAAeC,GAC7B,MAAMC,EArFR,SAAsBC,GACpB,MAAMC,EAAOC,EAAcF,GAiB3B,OAhBAG,EACEH,EACA,CACEI,KAAM,WACNC,EAAG,SACHC,EAAG,SACHC,YAAa,YAEf,CACEC,kBAAmB,WACnBC,OAAQ,WACRC,QAAS,WACTC,WAAY,aAITC,OAAOC,OAAO,IAAKZ,GAC5B,CAkEgBa,CAAahB,IACrBiB,GACJA,EACAC,EAAGC,EACHC,QAASA,EACTd,KAAMe,EAAKZ,YACXA,EAAWa,YACXA,EACAC,EAAGC,GACDvB,EAKEwB,EAAO9B,GAAQF,OAAqB,EAAd6B,GAAmB5B,EACzCgC,EAAOT,EAAGU,OACVC,EAAKC,EAAM5B,EAAMiB,EAAGjB,EAAM6B,YAYhC,IAVA,SAAqBC,EAAWC,GAC9B,MAAMC,EAAKhB,EAAGiB,IAAIH,GACZI,EAAKlB,EAAGiB,IAAIF,GACZI,EAAOnB,EAAGoB,IAAIpB,EAAGqB,IAAIrC,EAAMM,EAAG0B,GAAKE,GACnCI,EAAQtB,EAAGoB,IAAIpB,EAAGuB,IAAKvB,EAAGqB,IAAIrC,EAAMO,EAAGS,EAAGqB,IAAIL,EAAIE,KACxD,OAAOlB,EAAGwB,IAAIL,EAAMG,EACtB,CAIKG,CAAYzC,EAAM0C,GAAI1C,EAAM2C,IAAK,MAAM,IAAIC,MAAM,qCAGtD,MAAMjC,EACJX,EAAMW,SAAO,EACXkC,EAAWC,KACX,IACE,MAAO,CAAEC,SAAS,EAAMC,MAAOhC,EAAGiC,KAAKJ,EAAI7B,EAAGkC,IAAIJ,IACnD,CAAC,MAAOK,GACP,MAAO,CAAEJ,SAAS,EAAOC,MAAOzD,EAClC,CACD,GACGkB,EAAoBT,EAAMS,mBAAiB,CAAM2C,GAAsBA,GACvE1C,EACJV,EAAMU,QACL,EAAC2C,EAAkBC,EAAiBC,KAEnC,GADAC,EAAM,SAAUD,GACZD,EAAIG,QAAUF,EAAQ,MAAM,IAAIX,MAAM,uCAC1C,OAAOS,CACR,GAGH,SAASK,EAAYC,EAAe1C,EAAW2C,GAAU,GAEvDC,EAAS,cAAgBF,EAAO1C,EADpB2C,EAAUnE,EAAMF,EACYiC,EAC1C,CAEA,SAASsC,EAAUC,GACjB,KAAMA,aAAiBC,GAAQ,MAAM,IAAIpB,MAAM,yBACjD,CAGA,MAAMqB,EAAeC,GAAS,CAACC,EAAUC,KACvC,MAAQC,GAAIvC,EAAGwC,GAAIvC,EAAGwC,GAAIC,GAAML,EAC1BM,EAAMN,EAAEM,MACJ,MAANL,IAAYA,EAAKK,EAAM9E,EAAOqB,EAAGkC,IAAIsB,IACzC,MAAME,EAAKjD,EAAKK,EAAIsC,GACdO,EAAKlD,EAAKM,EAAIqC,GACdQ,EAAKnD,EAAK+C,EAAIJ,GACpB,GAAIK,EAAK,MAAO,CAAE3C,EAAGvC,EAAKwC,EAAGtC,GAC7B,GA
AImF,IAAOnF,EAAK,MAAM,IAAImD,MAAM,oBAChC,MAAO,CAAEd,EAAG4C,EAAI3C,EAAG4C,EAAI,IAEnBE,EAAkBX,GAAUC,IAChC,MAAM7D,EAAEA,EAACC,EAAEA,GAAMP,EACjB,GAAImE,EAAEM,MAAO,MAAM,IAAI7B,MAAM,mBAG7B,MAAQyB,GAAIS,EAAGR,GAAIS,EAAGR,GAAIS,EAAGC,GAAIC,GAAMf,EACjCgB,EAAK1D,EAAKqD,EAAIA,GACdM,EAAK3D,EAAKsD,EAAIA,GACdM,EAAK5D,EAAKuD,EAAIA,GACdM,EAAK7D,EAAK4D,EAAKA,GACfE,EAAM9D,EAAK0D,EAAK7E,GAGtB,GAFamB,EAAK4D,EAAK5D,EAAK8D,EAAMH,MACpB3D,EAAK6D,EAAK7D,EAAKlB,EAAIkB,EAAK0D,EAAKC,KACvB,MAAM,IAAIxC,MAAM,yCAIpC,GAFWnB,EAAKqD,EAAIC,KACTtD,EAAKuD,EAAIE,GACL,MAAM,IAAItC,MAAM,yCAC/B,OAAO,CAAI,IAKb,MAAMoB,EAUJwB,WAAAA,CAAYnB,EAAYC,EAAYC,EAAYU,GAC9CvB,EAAY,IAAKW,GACjBX,EAAY,IAAKY,GACjBZ,EAAY,IAAKa,GAAI,GACrBb,EAAY,IAAKuB,GACjBQ,KAAKpB,GAAKA,EACVoB,KAAKnB,GAAKA,EACVmB,KAAKlB,GAAKA,EACVkB,KAAKR,GAAKA,EACVpE,OAAOC,OAAO2E,KAChB,CAEA,KAAI3D,GACF,OAAO2D,KAAKC,WAAW5D,CACzB,CACA,KAAIC,GACF,OAAO0D,KAAKC,WAAW3D,CACzB,CAEA,iBAAO4D,CAAWxB,GAChB,GAAIA,aAAaH,EAAO,MAAM,IAAIpB,MAAM,8BACxC,MAAMd,EAAEA,EAACC,EAAEA,GAAMoC,GAAK,CAAE,EAGxB,OAFAT,EAAY,IAAK5B,GACjB4B,EAAY,IAAK3B,GACV,IAAIiC,EAAMlC,EAAGC,EAAGtC,EAAKgC,EAAKK,EAAIC,GACvC,CACA,iBAAO6D,CAAWC,GAChB,MAAMC,EAAQC,EACZ/E,EACA6E,EAAOG,KAAK7B,GAAMA,EAAEI,MAEtB,OAAOsB,EAAOG,KAAI,CAAC7B,EAAG8B,IAAM9B,EAAEuB,SAASI,EAAMG,MAAKD,IAAIhC,EAAM2B,WAC9D,CAEA,UAAOO,CAAIL,EAAiBM,GAC1B,OAAOC,EAAUpC,EAAOrC,EAAIkE,EAAQM,EACtC,CAGAE,cAAAA,CAAeC,GACbC,EAAKC,cAAcf,KAAMa,EAC3B,CAGAG,cAAAA,GACE5B,EAAgBY,KAClB,CAGAiB,MAAAA,CAAO3C,GACLD,EAAUC,GACV,MAAQM,GAAIsC,EAAIrC,GAAIsC,EAAIrC,GAAIsC,GAAOpB,MAC3BpB,GAAIc,EAAIb,GAAIc,EAAIb,GAAIc,GAAOtB,EAC7B+C,EAAOrF,EAAKkF,EAAKtB,GACjB0B,EAAOtF,EAAK0D,EAAK0B,GACjBG,EAAOvF,EAAKmF,EAAKvB,GACjB4B,EAAOxF,EAAK2D,EAAKyB,GACvB,OAAOC,IAASC,GAAQC,IAASC,CACnC,CAEAxC,GAAAA,GACE,OAAOgB,KAAKiB,OAAO1C,EAAMkD,KAC3B,CAEAC,MAAAA,GAEE,OAAO,IAAInD,EAAMvC,GAAMgE,KAAKpB,IAAKoB,KAAKnB,GAAImB,KAAKlB,GAAI9C,GAAMgE,KAAKR,IAChE,CAKAmC,MAAAA,GACE,MAAM9G,EAAEA,GAAMN,GACNqE,GAAIsC,EAAIrC,GAAIsC,EAAIrC,GAAIsC,GAAOpB,KAC7B4B,EAAI5F,EAAKkF,EAAKA,GACdW,EAAI7F,EAAKmF,EAAKA,GACdW,EAAI9
F,EAAK/B,EAAM+B,EAAKoF,EAAKA,IACzBW,EAAI/F,EAAKnB,EAAI+G,GACbI,EAAOd,EAAKC,EACZc,EAAIjG,EAAKA,EAAKgG,EAAOA,GAAQJ,EAAIC,GACjCK,EAAIH,EAAIF,EACRM,EAAID,EAAIJ,EACRM,EAAIL,EAAIF,EACRQ,EAAKrG,EAAKiG,EAAIE,GACdG,EAAKtG,EAAKkG,EAAIE,GACdG,EAAKvG,EAAKiG,EAAIG,GACdI,EAAKxG,EAAKmG,EAAID,GACpB,OAAO,IAAI3D,EAAM8D,EAAIC,EAAIE,EAAID,EAC/B,CAKA5F,GAAAA,CAAI2B,GACFD,EAAUC,GACV,MAAMzD,EAAEA,EAACC,EAAEA,GAAMP,GACTqE,GAAIsC,EAAIrC,GAAIsC,EAAIrC,GAAIsC,EAAI5B,GAAIiD,GAAOzC,MACnCpB,GAAIc,EAAIb,GAAIc,EAAIb,GAAIc,EAAIJ,GAAIkD,GAAOpE,EACrCsD,EAAI5F,EAAKkF,EAAKxB,GACdmC,EAAI7F,EAAKmF,EAAKxB,GACdmC,EAAI9F,EAAKyG,EAAK3H,EAAI4H,GAClBX,EAAI/F,EAAKoF,EAAKxB,GACdqC,EAAIjG,GAAMkF,EAAKC,IAAOzB,EAAKC,GAAMiC,EAAIC,GACrCM,EAAIJ,EAAID,EACRI,EAAIH,EAAID,EACRM,EAAIpG,EAAK6F,EAAIhH,EAAI+G,GACjBS,EAAKrG,EAAKiG,EAAIE,GACdG,EAAKtG,EAAKkG,EAAIE,GACdG,EAAKvG,EAAKiG,EAAIG,GACdI,EAAKxG,EAAKmG,EAAID,GACpB,OAAO,IAAI3D,EAAM8D,EAAIC,EAAIE,EAAID,EAC/B,CAEAI,QAAAA,CAASrE,GACP,OAAO0B,KAAKrD,IAAI2B,EAAMoD,SACxB,CAEQkB,IAAAA,CAAKpH,GACX,OAAOsF,EAAK+B,WAAW7C,KAAMxE,EAAG+C,EAAM4B,WACxC,CAGA2C,QAAAA,CAASC,GACP,MAAMvH,EAAIuH,EACV3E,EAAS,SAAU5C,EAAGxB,EAAKyB,GAC3B,MAAMiD,EAAEA,EAACsE,EAAEA,GAAMhD,KAAK4C,KAAKpH,GAC3B,OAAO+C,EAAM4B,WAAW,CAACzB,EAAGsE,IAAI,EAClC,CAOAC,cAAAA,CAAeF,EAAgBG,EAAM3E,EAAMkD,MACzC,MAAMjG,EAAIuH,EAEV,OADA3E,EAAS,SAAU5C,EAAG1B,EAAK2B,GACvBD,IAAM1B,EAAYqJ,EAClBnD,KAAKhB,OAASxD,IAAMxB,EAAYgG,KAC7Bc,EAAKsC,iBAAiBpD,KAAMxE,EAAG+C,EAAM4B,WAAY+C,EAC1D,CAMAG,YAAAA,GACE,OAAOrD,KAAKiD,eAAenH,GAAUkD,KACvC,CAIAsE,aAAAA,GACE,OAAOxC,EAAKyC,aAAavD,KAAMvE,GAAauD,KAC9C,CAIAiB,QAAAA,CAAStB,GACP,OAAOH,EAAawB,KAAMrB,EAC5B,CAEA6E,aAAAA,GACE,MAAQ3H,EAAGC,GAAavB,EACxB,OAAIuB,IAAa9B,EAAYgG,KACtBA,KAAKiD,eAAenH,EAC7B,CAIA,cAAO2H,CAAQC,EAAUtJ,GAAS,GAChC,MAAMU,EAAEA,EAACD,EAAEA,GAAMN,EACXoJ,EAAMpI,EAAGqI,MACfF,EAAMG,EAAY,WAAYH,EAAKC,GACnC5F,EAAM,SAAU3D,GAChB,MAAM0J,EAASJ,EAAIK,QACbC,EAAWN,EAAIC,EAAM,GAC3BG,EAAOH,EAAM,IAAgB,IAAXK,EAClB,MAAM1H,EAAI2H,EAAgBH,GAMpBI,EAAM9J,EAAS2B,EAAOR,EAAG4I,MAC/B/F,EAAS,aAAc9B,EAAGxC,EAAKoK,GAI/B,MA
AMzH,EAAKT,EAAKM,EAAIA,GACdc,EAAIpB,EAAKS,EAAKzC,GACdqD,EAAIrB,EAAKlB,EAAI2B,EAAK5B,GACxB,IAAIyC,QAAEA,EAASC,MAAOlB,GAAMnB,EAAQkC,EAAGC,GACvC,IAAKC,EAAS,MAAM,IAAIH,MAAM,uCAC9B,MAAMiH,GAAU/H,EAAIrC,KAASA,EACvBqK,KAA4B,IAAXL,GACvB,IAAK5J,GAAUiC,IAAMvC,GAAOuK,EAE1B,MAAM,IAAIlH,MAAM,gCAElB,OADIkH,IAAkBD,IAAQ/H,EAAIL,GAAMK,IACjCkC,EAAM2B,WAAW,CAAE7D,IAAGC,KAC/B,CACA,qBAAOgI,CAAeC,GACpB,MAAMxB,OAAEA,GAAWyB,EAAiBD,GACpC,OAAOrC,EAAEY,SAASC,EACpB,CACA0B,UAAAA,GACE,MAAMpI,EAAEA,EAACC,EAAEA,GAAM0D,KAAKC,WAChBtC,EAAQ+G,EAAgBpI,EAAGf,EAAGqI,OAEpC,OADAjG,EAAMA,EAAMK,OAAS,IAAM3B,EAAIrC,EAAM,IAAO,EACrC2D,CACT,CACAgH,KAAAA,GACE,OAAOC,EAAW5E,KAAKyE,aACzB,EA/NgBlG,EAAAsG,KAAO,IAAItG,EAAMhE,EAAM0C,GAAI1C,EAAM2C,GAAIlD,EAAKgC,EAAKzB,EAAM0C,GAAK1C,EAAM2C,KAEhEqB,EAAAkD,KAAO,IAAIlD,EAAMzE,EAAKE,EAAKA,EAAKF,GA+NlD,MAAQ+K,KAAM3C,EAAGT,KAAM0B,GAAM5E,EACvBuC,EAAO8B,EAAKrE,EAAqB,EAAd3C,GAEzB,SAASkJ,EAAKjK,GACZ,OAAOkK,EAAIlK,EAAGY,EAChB,CAEA,SAASuJ,EAAQpK,GACf,OAAOkK,EAAKb,EAAgBrJ,GAC9B,CAGA,SAAS4J,EAAiBS,GACxB,MAAMtB,EAAMpI,EAAGqI,MACfqB,EAAMpB,EAAY,cAAeoB,EAAKtB,GAGtC,MAAMuB,EAASrB,EAAY,qBAAsBlI,EAAMsJ,GAAM,EAAItB,GAC3DwB,EAAOnK,EAAkBkK,EAAOnB,MAAM,EAAGJ,IAG/C,MAAO,CAAEwB,OAAMC,OAFAF,EAAOnB,MAAMJ,EAAK,EAAIA,GAEdZ,OADRiC,EAAQG,GAEzB,CAGA,SAASE,EAAqBJ,GAC5B,MAAME,KAAEA,EAAIC,OAAEA,EAAMrC,OAAEA,GAAWyB,EAAiBS,GAC5CK,EAAQpD,EAAEY,SAASC,GACnBwC,EAAaD,EAAMb,aACzB,MAAO,CAAEU,OAAMC,SAAQrC,SAAQuC,QAAOC,aACxC,CAQA,SAASC,EAAmBC,EAAeC,WAAWC,QAASC,GAC7D,MAAMC,EAAMC,KAAeF,GAC3B,OAAOZ,EAAQrJ,EAAMV,EAAO4K,EAAKhC,EAAY,UAAW4B,KAAY/J,IACtE,CAgBA,MAAMqK,EAAkD5L,EAoCxD+H,EAAEtB,eAAe,GAoBjB,MAAO,CACLrG,QACAyL,aAlFF,SAAsBzB,GACpB,OAAOc,EAAqBd,GAASgB,UACvC,EAiFEU,KAxEF,SAAcJ,EAAUtB,EAAc2B,EAA6B,CAAA,GACjEL,EAAMhC,EAAY,UAAWgC,GACzBnK,IAASmK,EAAMnK,EAAQmK,IAC3B,MAAMT,OAAEA,EAAMrC,OAAEA,EAAMwC,WAAEA,GAAeF,EAAqBd,GACtD4B,EAAIX,EAAmBU,EAAQT,QAASL,EAAQS,GAChDO,EAAIlE,EAAEY,SAASqD,GAAG1B,aAElB4B,EAAIvB,EAAKqB,EADLX,EAAmBU,EAAQT,QAASW,EAAGb,EAAYM,GACtC9C,GACvB3E,EAAS,cAAeiI,EAAGvM,EAAK2B,GAChC,MAAM6K,EAAMR,EAAYM,EAAG1B,EAAgB
2B,EAAG9K,EAAGqI,QACjD,OAAOC,EAAY,SAAUyC,EAAgB,EAAX/K,EAAGqI,MACvC,EA8DE2C,OAtDF,SAAgBC,EAAUX,EAAUY,EAAgBP,EAAUH,GAC5D,MAAMN,QAAEA,EAAOrL,OAAEA,GAAW8L,EACtBvC,EAAMpI,EAAGqI,MACf4C,EAAM3C,EAAY,YAAa2C,EAAK,EAAI7C,GACxCkC,EAAMhC,EAAY,UAAWgC,GAC7BY,EAAY5C,EAAY,YAAa4C,EAAW9C,QACjC+C,IAAXtM,GAAsB2D,EAAM,SAAU3D,GACtCsB,IAASmK,EAAMnK,EAAQmK,IAE3B,MAAMQ,EAAIpC,EAAgBuC,EAAIzC,MAAMJ,EAAK,EAAIA,IAC7C,IAAI/B,EAAGwE,EAAGO,EACV,IAIE/E,EAAIrD,EAAMkF,QAAQgD,EAAWrM,GAC7BgM,EAAI7H,EAAMkF,QAAQ+C,EAAIzC,MAAM,EAAGJ,GAAMvJ,GACrCuM,EAAKzE,EAAEe,eAAeoD,EACvB,CAAC,MAAOO,GACP,OAAO,CACT,CACA,IAAKxM,GAAUwH,EAAEyB,eAAgB,OAAO,EAExC,MAAMwD,EAAIrB,EAAmBC,EAASW,EAAE3B,aAAc7C,EAAE6C,aAAcoB,GAItE,OAHYO,EAAEzJ,IAAIiF,EAAEqB,eAAe4D,IAGxBlE,SAASgE,GAAInD,gBAAgBvC,OAAO1C,EAAMkD,KACvD,EA2BEqF,cAAevI,EACfwI,MAxBY,CACZ1B,uBAEA2B,iBAAkBA,IAAkBjM,EAAYQ,EAAGqI,OAQnDqD,WAAUA,CAACpG,EAAa,EAAGyE,EAAsB/G,EAAMsG,QACrDS,EAAM1E,eAAeC,GACrByE,EAAMxC,SAAS/I,OAAO,IACfuL,IAYb","x_google_ignoreList":[0]}
|
|
1
|
+
{"version":3,"file":"edwards.js","sources":["../../../../../../../node_modules/@noble/curves/esm/abstract/edwards.js"],"sourcesContent":["/**\n * Twisted Edwards curve. The formula is: ax² + y² = 1 + dx²y².\n * For design rationale of types / exports, see weierstrass module documentation.\n * Untwisted Edwards curves exist, but they aren't used in real-world protocols.\n * @module\n */\n/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */\nimport { _validateObject, _abool2 as abool, _abytes2 as abytes, aInRange, bytesToHex, bytesToNumberLE, concatBytes, copyBytes, ensureBytes, isBytes, memoized, notImplemented, randomBytes as randomBytesWeb, } from \"../utils.js\";\nimport { _createCurveFields, normalizeZ, pippenger, wNAF, } from \"./curve.js\";\nimport { Field } from \"./modular.js\";\n// Be friendly to bad ECMAScript parsers by not using bigint literals\n// prettier-ignore\nconst _0n = BigInt(0), _1n = BigInt(1), _2n = BigInt(2), _8n = BigInt(8);\nfunction isEdValidXY(Fp, CURVE, x, y) {\n const x2 = Fp.sqr(x);\n const y2 = Fp.sqr(y);\n const left = Fp.add(Fp.mul(CURVE.a, x2), y2);\n const right = Fp.add(Fp.ONE, Fp.mul(CURVE.d, Fp.mul(x2, y2)));\n return Fp.eql(left, right);\n}\nexport function edwards(params, extraOpts = {}) {\n const validated = _createCurveFields('edwards', params, extraOpts, extraOpts.FpFnLE);\n const { Fp, Fn } = validated;\n let CURVE = validated.CURVE;\n const { h: cofactor } = CURVE;\n _validateObject(extraOpts, {}, { uvRatio: 'function' });\n // Important:\n // There are some places where Fp.BYTES is used instead of nByteLength.\n // So far, everything has been tested with curves of Fp.BYTES == nByteLength.\n // TODO: test and find curves which behave otherwise.\n const MASK = _2n << (BigInt(Fn.BYTES * 8) - _1n);\n const modP = (n) => Fp.create(n); // Function overrides\n // sqrt(u/v)\n const uvRatio = extraOpts.uvRatio ||\n ((u, v) => {\n try {\n return { isValid: true, value: Fp.sqrt(Fp.div(u, v)) };\n }\n catch (e) 
{\n return { isValid: false, value: _0n };\n }\n });\n // Validate whether the passed curve params are valid.\n // equation ax² + y² = 1 + dx²y² should work for generator point.\n if (!isEdValidXY(Fp, CURVE, CURVE.Gx, CURVE.Gy))\n throw new Error('bad curve params: generator point');\n /**\n * Asserts coordinate is valid: 0 <= n < MASK.\n * Coordinates >= Fp.ORDER are allowed for zip215.\n */\n function acoord(title, n, banZero = false) {\n const min = banZero ? _1n : _0n;\n aInRange('coordinate ' + title, n, min, MASK);\n return n;\n }\n function aextpoint(other) {\n if (!(other instanceof Point))\n throw new Error('ExtendedPoint expected');\n }\n // Converts Extended point to default (x, y) coordinates.\n // Can accept precomputed Z^-1 - for example, from invertBatch.\n const toAffineMemo = memoized((p, iz) => {\n const { X, Y, Z } = p;\n const is0 = p.is0();\n if (iz == null)\n iz = is0 ? _8n : Fp.inv(Z); // 8 was chosen arbitrarily\n const x = modP(X * iz);\n const y = modP(Y * iz);\n const zz = Fp.mul(Z, iz);\n if (is0)\n return { x: _0n, y: _1n };\n if (zz !== _1n)\n throw new Error('invZ was invalid');\n return { x, y };\n });\n const assertValidMemo = memoized((p) => {\n const { a, d } = CURVE;\n if (p.is0())\n throw new Error('bad point: ZERO'); // TODO: optimize, with vars below?\n // Equation in affine coordinates: ax² + y² = 1 + dx²y²\n // Equation in projective coordinates (X/Z, Y/Z, Z): (aX² + Y²)Z² = Z⁴ + dX²Y²\n const { X, Y, Z, T } = p;\n const X2 = modP(X * X); // X²\n const Y2 = modP(Y * Y); // Y²\n const Z2 = modP(Z * Z); // Z²\n const Z4 = modP(Z2 * Z2); // Z⁴\n const aX2 = modP(X2 * a); // aX²\n const left = modP(Z2 * modP(aX2 + Y2)); // (aX² + Y²)Z²\n const right = modP(Z4 + modP(d * modP(X2 * Y2))); // Z⁴ + dX²Y²\n if (left !== right)\n throw new Error('bad point: equation left != right (1)');\n // In Extended coordinates we also have T, which is x*y=T/Z: check X*Y == Z*T\n const XY = modP(X * Y);\n const ZT = modP(Z * T);\n if (XY !== ZT)\n 
throw new Error('bad point: equation left != right (2)');\n return true;\n });\n // Extended Point works in extended coordinates: (X, Y, Z, T) ∋ (x=X/Z, y=Y/Z, T=xy).\n // https://en.wikipedia.org/wiki/Twisted_Edwards_curve#Extended_coordinates\n class Point {\n constructor(X, Y, Z, T) {\n this.X = acoord('x', X);\n this.Y = acoord('y', Y);\n this.Z = acoord('z', Z, true);\n this.T = acoord('t', T);\n Object.freeze(this);\n }\n static CURVE() {\n return CURVE;\n }\n static fromAffine(p) {\n if (p instanceof Point)\n throw new Error('extended point not allowed');\n const { x, y } = p || {};\n acoord('x', x);\n acoord('y', y);\n return new Point(x, y, _1n, modP(x * y));\n }\n // Uses algo from RFC8032 5.1.3.\n static fromBytes(bytes, zip215 = false) {\n const len = Fp.BYTES;\n const { a, d } = CURVE;\n bytes = copyBytes(abytes(bytes, len, 'point'));\n abool(zip215, 'zip215');\n const normed = copyBytes(bytes); // copy again, we'll manipulate it\n const lastByte = bytes[len - 1]; // select last byte\n normed[len - 1] = lastByte & ~0x80; // clear last bit\n const y = bytesToNumberLE(normed);\n // zip215=true is good for consensus-critical apps. =false follows RFC8032 / NIST186-5.\n // RFC8032 prohibits >= p, but ZIP215 doesn't\n // zip215=true: 0 <= y < MASK (2^256 for ed25519)\n // zip215=false: 0 <= y < P (2^255-19 for ed25519)\n const max = zip215 ? MASK : Fp.ORDER;\n aInRange('point.y', y, _0n, max);\n // Ed25519: x² = (y²-1)/(dy²+1) mod p. Ed448: x² = (y²-1)/(dy²-1) mod p. Generic case:\n // ax²+y²=1+dx²y² => y²-1=dx²y²-ax² => y²-1=x²(dy²-a) => x²=(y²-1)/(dy²-a)\n const y2 = modP(y * y); // denominator is always non-0 mod p.\n const u = modP(y2 - _1n); // u = y² - 1\n const v = modP(d * y2 - a); // v = d y² + 1.\n let { isValid, value: x } = uvRatio(u, v); // √(u/v)\n if (!isValid)\n throw new Error('bad point: invalid y coordinate');\n const isXOdd = (x & _1n) === _1n; // There are 2 square roots. 
Use x_0 bit to select proper\n const isLastByteOdd = (lastByte & 0x80) !== 0; // x_0, last bit\n if (!zip215 && x === _0n && isLastByteOdd)\n // if x=0 and x_0 = 1, fail\n throw new Error('bad point: x=0 and x_0=1');\n if (isLastByteOdd !== isXOdd)\n x = modP(-x); // if x_0 != x mod 2, set x = p-x\n return Point.fromAffine({ x, y });\n }\n static fromHex(bytes, zip215 = false) {\n return Point.fromBytes(ensureBytes('point', bytes), zip215);\n }\n get x() {\n return this.toAffine().x;\n }\n get y() {\n return this.toAffine().y;\n }\n precompute(windowSize = 8, isLazy = true) {\n wnaf.createCache(this, windowSize);\n if (!isLazy)\n this.multiply(_2n); // random number\n return this;\n }\n // Useful in fromAffine() - not for fromBytes(), which always created valid points.\n assertValidity() {\n assertValidMemo(this);\n }\n // Compare one point to another.\n equals(other) {\n aextpoint(other);\n const { X: X1, Y: Y1, Z: Z1 } = this;\n const { X: X2, Y: Y2, Z: Z2 } = other;\n const X1Z2 = modP(X1 * Z2);\n const X2Z1 = modP(X2 * Z1);\n const Y1Z2 = modP(Y1 * Z2);\n const Y2Z1 = modP(Y2 * Z1);\n return X1Z2 === X2Z1 && Y1Z2 === Y2Z1;\n }\n is0() {\n return this.equals(Point.ZERO);\n }\n negate() {\n // Flips point sign to a negative one (-x, y in affine coords)\n return new Point(modP(-this.X), this.Y, this.Z, modP(-this.T));\n }\n // Fast algo for doubling Extended Point.\n // https://hyperelliptic.org/EFD/g1p/auto-twisted-extended.html#doubling-dbl-2008-hwcd\n // Cost: 4M + 4S + 1*a + 6add + 1*2.\n double() {\n const { a } = CURVE;\n const { X: X1, Y: Y1, Z: Z1 } = this;\n const A = modP(X1 * X1); // A = X12\n const B = modP(Y1 * Y1); // B = Y12\n const C = modP(_2n * modP(Z1 * Z1)); // C = 2*Z12\n const D = modP(a * A); // D = a*A\n const x1y1 = X1 + Y1;\n const E = modP(modP(x1y1 * x1y1) - A - B); // E = (X1+Y1)2-A-B\n const G = D + B; // G = D+B\n const F = G - C; // F = G-C\n const H = D - B; // H = D-B\n const X3 = modP(E * F); // X3 = E*F\n const Y3 = modP(G * H); 
// Y3 = G*H\n const T3 = modP(E * H); // T3 = E*H\n const Z3 = modP(F * G); // Z3 = F*G\n return new Point(X3, Y3, Z3, T3);\n }\n // Fast algo for adding 2 Extended Points.\n // https://hyperelliptic.org/EFD/g1p/auto-twisted-extended.html#addition-add-2008-hwcd\n // Cost: 9M + 1*a + 1*d + 7add.\n add(other) {\n aextpoint(other);\n const { a, d } = CURVE;\n const { X: X1, Y: Y1, Z: Z1, T: T1 } = this;\n const { X: X2, Y: Y2, Z: Z2, T: T2 } = other;\n const A = modP(X1 * X2); // A = X1*X2\n const B = modP(Y1 * Y2); // B = Y1*Y2\n const C = modP(T1 * d * T2); // C = T1*d*T2\n const D = modP(Z1 * Z2); // D = Z1*Z2\n const E = modP((X1 + Y1) * (X2 + Y2) - A - B); // E = (X1+Y1)*(X2+Y2)-A-B\n const F = D - C; // F = D-C\n const G = D + C; // G = D+C\n const H = modP(B - a * A); // H = B-a*A\n const X3 = modP(E * F); // X3 = E*F\n const Y3 = modP(G * H); // Y3 = G*H\n const T3 = modP(E * H); // T3 = E*H\n const Z3 = modP(F * G); // Z3 = F*G\n return new Point(X3, Y3, Z3, T3);\n }\n subtract(other) {\n return this.add(other.negate());\n }\n // Constant-time multiplication.\n multiply(scalar) {\n // 1 <= scalar < L\n if (!Fn.isValidNot0(scalar))\n throw new Error('invalid scalar: expected 1 <= sc < curve.n');\n const { p, f } = wnaf.cached(this, scalar, (p) => normalizeZ(Point, p));\n return normalizeZ(Point, [p, f])[0];\n }\n // Non-constant-time multiplication. Uses double-and-add algorithm.\n // It's faster, but should only be used when you don't care about\n // an exposed private key e.g. 
sig verification.\n // Does NOT allow scalars higher than CURVE.n.\n // Accepts optional accumulator to merge with multiply (important for sparse scalars)\n multiplyUnsafe(scalar, acc = Point.ZERO) {\n // 0 <= scalar < L\n if (!Fn.isValid(scalar))\n throw new Error('invalid scalar: expected 0 <= sc < curve.n');\n if (scalar === _0n)\n return Point.ZERO;\n if (this.is0() || scalar === _1n)\n return this;\n return wnaf.unsafe(this, scalar, (p) => normalizeZ(Point, p), acc);\n }\n // Checks if point is of small order.\n // If you add something to small order point, you will have \"dirty\"\n // point with torsion component.\n // Multiplies point by cofactor and checks if the result is 0.\n isSmallOrder() {\n return this.multiplyUnsafe(cofactor).is0();\n }\n // Multiplies point by curve order and checks if the result is 0.\n // Returns `false` is the point is dirty.\n isTorsionFree() {\n return wnaf.unsafe(this, CURVE.n).is0();\n }\n // Converts Extended point to default (x, y) coordinates.\n // Can accept precomputed Z^-1 - for example, from invertBatch.\n toAffine(invertedZ) {\n return toAffineMemo(this, invertedZ);\n }\n clearCofactor() {\n if (cofactor === _1n)\n return this;\n return this.multiplyUnsafe(cofactor);\n }\n toBytes() {\n const { x, y } = this.toAffine();\n // Fp.toBytes() allows non-canonical encoding of y (>= p).\n const bytes = Fp.toBytes(y);\n // Each y has 2 valid points: (x, y), (x,-y).\n // When compressing, it's enough to store y and use the last byte to encode sign of x\n bytes[bytes.length - 1] |= x & _1n ? 0x80 : 0;\n return bytes;\n }\n toHex() {\n return bytesToHex(this.toBytes());\n }\n toString() {\n return `<Point ${this.is0() ? 
'ZERO' : this.toHex()}>`;\n }\n // TODO: remove\n get ex() {\n return this.X;\n }\n get ey() {\n return this.Y;\n }\n get ez() {\n return this.Z;\n }\n get et() {\n return this.T;\n }\n static normalizeZ(points) {\n return normalizeZ(Point, points);\n }\n static msm(points, scalars) {\n return pippenger(Point, Fn, points, scalars);\n }\n _setWindowSize(windowSize) {\n this.precompute(windowSize);\n }\n toRawBytes() {\n return this.toBytes();\n }\n }\n // base / generator point\n Point.BASE = new Point(CURVE.Gx, CURVE.Gy, _1n, modP(CURVE.Gx * CURVE.Gy));\n // zero / infinity / identity point\n Point.ZERO = new Point(_0n, _1n, _1n, _0n); // 0, 1, 1, 0\n // math field\n Point.Fp = Fp;\n // scalar field\n Point.Fn = Fn;\n const wnaf = new wNAF(Point, Fn.BITS);\n Point.BASE.precompute(8); // Enable precomputes. Slows down first publicKey computation by 20ms.\n return Point;\n}\n/**\n * Base class for prime-order points like Ristretto255 and Decaf448.\n * These points eliminate cofactor issues by representing equivalence classes\n * of Edwards curve points.\n */\nexport class PrimeEdwardsPoint {\n constructor(ep) {\n this.ep = ep;\n }\n // Static methods that must be implemented by subclasses\n static fromBytes(_bytes) {\n notImplemented();\n }\n static fromHex(_hex) {\n notImplemented();\n }\n get x() {\n return this.toAffine().x;\n }\n get y() {\n return this.toAffine().y;\n }\n // Common implementations\n clearCofactor() {\n // no-op for prime-order groups\n return this;\n }\n assertValidity() {\n this.ep.assertValidity();\n }\n toAffine(invertedZ) {\n return this.ep.toAffine(invertedZ);\n }\n toHex() {\n return bytesToHex(this.toBytes());\n }\n toString() {\n return this.toHex();\n }\n isTorsionFree() {\n return true;\n }\n isSmallOrder() {\n return false;\n }\n add(other) {\n this.assertSame(other);\n return this.init(this.ep.add(other.ep));\n }\n subtract(other) {\n this.assertSame(other);\n return this.init(this.ep.subtract(other.ep));\n }\n multiply(scalar) {\n 
return this.init(this.ep.multiply(scalar));\n }\n multiplyUnsafe(scalar) {\n return this.init(this.ep.multiplyUnsafe(scalar));\n }\n double() {\n return this.init(this.ep.double());\n }\n negate() {\n return this.init(this.ep.negate());\n }\n precompute(windowSize, isLazy) {\n return this.init(this.ep.precompute(windowSize, isLazy));\n }\n /** @deprecated use `toBytes` */\n toRawBytes() {\n return this.toBytes();\n }\n}\n/**\n * Initializes EdDSA signatures over given Edwards curve.\n */\nexport function eddsa(Point, cHash, eddsaOpts = {}) {\n if (typeof cHash !== 'function')\n throw new Error('\"hash\" function param is required');\n _validateObject(eddsaOpts, {}, {\n adjustScalarBytes: 'function',\n randomBytes: 'function',\n domain: 'function',\n prehash: 'function',\n mapToCurve: 'function',\n });\n const { prehash } = eddsaOpts;\n const { BASE, Fp, Fn } = Point;\n const randomBytes = eddsaOpts.randomBytes || randomBytesWeb;\n const adjustScalarBytes = eddsaOpts.adjustScalarBytes || ((bytes) => bytes);\n const domain = eddsaOpts.domain ||\n ((data, ctx, phflag) => {\n abool(phflag, 'phflag');\n if (ctx.length || phflag)\n throw new Error('Contexts/pre-hash are not supported');\n return data;\n }); // NOOP\n // Little-endian SHA512 with modulo n\n function modN_LE(hash) {\n return Fn.create(bytesToNumberLE(hash)); // Not Fn.fromBytes: it has length limit\n }\n // Get the hashed private scalar per RFC8032 5.1.5\n function getPrivateScalar(key) {\n const len = lengths.secretKey;\n key = ensureBytes('private key', key, len);\n // Hash private key with curve's hash function to produce uniformingly random input\n // Check byte lengths: ensure(64, h(ensure(32, key)))\n const hashed = ensureBytes('hashed private key', cHash(key), 2 * len);\n const head = adjustScalarBytes(hashed.slice(0, len)); // clear first half bits, produce FE\n const prefix = hashed.slice(len, 2 * len); // second half is called key prefix (5.1.6)\n const scalar = modN_LE(head); // The actual 
private scalar\n return { head, prefix, scalar };\n }\n /** Convenience method that creates public key from scalar. RFC8032 5.1.5 */\n function getExtendedPublicKey(secretKey) {\n const { head, prefix, scalar } = getPrivateScalar(secretKey);\n const point = BASE.multiply(scalar); // Point on Edwards curve aka public key\n const pointBytes = point.toBytes();\n return { head, prefix, scalar, point, pointBytes };\n }\n /** Calculates EdDSA pub key. RFC8032 5.1.5. */\n function getPublicKey(secretKey) {\n return getExtendedPublicKey(secretKey).pointBytes;\n }\n // int('LE', SHA512(dom2(F, C) || msgs)) mod N\n function hashDomainToScalar(context = Uint8Array.of(), ...msgs) {\n const msg = concatBytes(...msgs);\n return modN_LE(cHash(domain(msg, ensureBytes('context', context), !!prehash)));\n }\n /** Signs message with privateKey. RFC8032 5.1.6 */\n function sign(msg, secretKey, options = {}) {\n msg = ensureBytes('message', msg);\n if (prehash)\n msg = prehash(msg); // for ed25519ph etc.\n const { prefix, scalar, pointBytes } = getExtendedPublicKey(secretKey);\n const r = hashDomainToScalar(options.context, prefix, msg); // r = dom2(F, C) || prefix || PH(M)\n const R = BASE.multiply(r).toBytes(); // R = rG\n const k = hashDomainToScalar(options.context, R, pointBytes, msg); // R || A || PH(M)\n const s = Fn.create(r + k * scalar); // S = (r + k * s) mod L\n if (!Fn.isValid(s))\n throw new Error('sign failed: invalid s'); // 0 <= s < L\n const rs = concatBytes(R, Fn.toBytes(s));\n return abytes(rs, lengths.signature, 'result');\n }\n // verification rule is either zip215 or rfc8032 / nist186-5. Consult fromHex:\n const verifyOpts = { zip215: true };\n /**\n * Verifies EdDSA signature against message and public key. 
RFC8032 5.1.7.\n * An extended group equation is checked.\n */\n function verify(sig, msg, publicKey, options = verifyOpts) {\n const { context, zip215 } = options;\n const len = lengths.signature;\n sig = ensureBytes('signature', sig, len);\n msg = ensureBytes('message', msg);\n publicKey = ensureBytes('publicKey', publicKey, lengths.publicKey);\n if (zip215 !== undefined)\n abool(zip215, 'zip215');\n if (prehash)\n msg = prehash(msg); // for ed25519ph, etc\n const mid = len / 2;\n const r = sig.subarray(0, mid);\n const s = bytesToNumberLE(sig.subarray(mid, len));\n let A, R, SB;\n try {\n // zip215=true is good for consensus-critical apps. =false follows RFC8032 / NIST186-5.\n // zip215=true: 0 <= y < MASK (2^256 for ed25519)\n // zip215=false: 0 <= y < P (2^255-19 for ed25519)\n A = Point.fromBytes(publicKey, zip215);\n R = Point.fromBytes(r, zip215);\n SB = BASE.multiplyUnsafe(s); // 0 <= s < l is done inside\n }\n catch (error) {\n return false;\n }\n if (!zip215 && A.isSmallOrder())\n return false; // zip215 allows public keys of small order\n const k = hashDomainToScalar(context, R.toBytes(), A.toBytes(), msg);\n const RkA = R.add(A.multiplyUnsafe(k));\n // Extended group equation\n // [8][S]B = [8]R + [8][k]A'\n return RkA.subtract(SB).clearCofactor().is0();\n }\n const _size = Fp.BYTES; // 32 for ed25519, 57 for ed448\n const lengths = {\n secretKey: _size,\n publicKey: _size,\n signature: 2 * _size,\n seed: _size,\n };\n function randomSecretKey(seed = randomBytes(lengths.seed)) {\n return abytes(seed, lengths.seed, 'seed');\n }\n function keygen(seed) {\n const secretKey = utils.randomSecretKey(seed);\n return { secretKey, publicKey: getPublicKey(secretKey) };\n }\n function isValidSecretKey(key) {\n return isBytes(key) && key.length === Fn.BYTES;\n }\n function isValidPublicKey(key, zip215) {\n try {\n return !!Point.fromBytes(key, zip215);\n }\n catch (error) {\n return false;\n }\n }\n const utils = {\n getExtendedPublicKey,\n randomSecretKey,\n 
isValidSecretKey,\n isValidPublicKey,\n /**\n * Converts ed public key to x public key. Uses formula:\n * - ed25519:\n * - `(u, v) = ((1+y)/(1-y), sqrt(-486664)*u/x)`\n * - `(x, y) = (sqrt(-486664)*u/v, (u-1)/(u+1))`\n * - ed448:\n * - `(u, v) = ((y-1)/(y+1), sqrt(156324)*u/x)`\n * - `(x, y) = (sqrt(156324)*u/v, (1+u)/(1-u))`\n */\n toMontgomery(publicKey) {\n const { y } = Point.fromBytes(publicKey);\n const size = lengths.publicKey;\n const is25519 = size === 32;\n if (!is25519 && size !== 57)\n throw new Error('only defined for 25519 and 448');\n const u = is25519 ? Fp.div(_1n + y, _1n - y) : Fp.div(y - _1n, y + _1n);\n return Fp.toBytes(u);\n },\n toMontgomerySecret(secretKey) {\n const size = lengths.secretKey;\n abytes(secretKey, size);\n const hashed = cHash(secretKey.subarray(0, size));\n return adjustScalarBytes(hashed).subarray(0, size);\n },\n /** @deprecated */\n randomPrivateKey: randomSecretKey,\n /** @deprecated */\n precompute(windowSize = 8, point = Point.BASE) {\n return point.precompute(windowSize, false);\n },\n };\n return Object.freeze({\n keygen,\n getPublicKey,\n sign,\n verify,\n utils,\n Point,\n lengths,\n });\n}\nfunction _eddsa_legacy_opts_to_new(c) {\n const CURVE = {\n a: c.a,\n d: c.d,\n p: c.Fp.ORDER,\n n: c.n,\n h: c.h,\n Gx: c.Gx,\n Gy: c.Gy,\n };\n const Fp = c.Fp;\n const Fn = Field(CURVE.n, c.nBitLength, true);\n const curveOpts = { Fp, Fn, uvRatio: c.uvRatio };\n const eddsaOpts = {\n randomBytes: c.randomBytes,\n adjustScalarBytes: c.adjustScalarBytes,\n domain: c.domain,\n prehash: c.prehash,\n mapToCurve: c.mapToCurve,\n };\n return { CURVE, curveOpts, hash: c.hash, eddsaOpts };\n}\nfunction _eddsa_new_output_to_legacy(c, eddsa) {\n const Point = eddsa.Point;\n const legacy = Object.assign({}, eddsa, {\n ExtendedPoint: Point,\n CURVE: c,\n nBitLength: Point.Fn.BITS,\n nByteLength: Point.Fn.BYTES,\n });\n return legacy;\n}\n// TODO: remove. 
Use eddsa\nexport function twistedEdwards(c) {\n const { CURVE, curveOpts, hash, eddsaOpts } = _eddsa_legacy_opts_to_new(c);\n const Point = edwards(CURVE, curveOpts);\n const EDDSA = eddsa(Point, hash, eddsaOpts);\n return _eddsa_new_output_to_legacy(c, EDDSA);\n}\n//# sourceMappingURL=edwards.js.map"],"names":["_0n","BigInt","_1n","_2n","_8n","edwards","params","extraOpts","validated","_createCurveFields","FpFnLE","Fp","Fn","CURVE","h","cofactor","_validateObject","uvRatio","MASK","BYTES","modP","n","create","u","v","isValid","value","sqrt","div","e","x","y","x2","sqr","y2","left","add","mul","a","right","ONE","d","eql","isEdValidXY","Gx","Gy","Error","acoord","title","banZero","aInRange","aextpoint","other","Point","toAffineMemo","memoized","p","iz","X","Y","Z","is0","inv","zz","assertValidMemo","T","X2","Y2","Z2","Z4","aX2","constructor","this","Object","freeze","fromAffine","fromBytes","bytes","zip215","len","copyBytes","abytes","abool","normed","lastByte","bytesToNumberLE","max","ORDER","isXOdd","isLastByteOdd","fromHex","ensureBytes","toAffine","precompute","windowSize","isLazy","wnaf","createCache","multiply","assertValidity","equals","X1","Y1","Z1","X1Z2","X2Z1","Y1Z2","Y2Z1","ZERO","negate","double","A","B","C","D","x1y1","E","G","F","H","X3","Y3","T3","Z3","T1","T2","subtract","scalar","isValidNot0","f","cached","normalizeZ","multiplyUnsafe","acc","unsafe","isSmallOrder","isTorsionFree","invertedZ","clearCofactor","toBytes","length","toHex","bytesToHex","toString","ex","ey","ez","et","points","msm","scalars","pippenger","_setWindowSize","toRawBytes","BASE","wNAF","BITS","eddsa","cHash","eddsaOpts","adjustScalarBytes","randomBytes","domain","prehash","mapToCurve","randomBytesWeb","data","ctx","phflag","modN_LE","hash","getExtendedPublicKey","secretKey","head","prefix","key","lengths","hashed","slice","getPrivateScalar","point","pointBytes","getPublicKey","hashDomainToScalar","context","Uint8Array","of","msgs","msg","concatBytes","verifyOpts","_size","publi
cKey","signature","seed","randomSecretKey","utils","isValidSecretKey","isBytes","isValidPublicKey","error","toMontgomery","size","is25519","toMontgomerySecret","subarray","randomPrivateKey","keygen","sign","options","r","R","k","s","rs","verify","sig","undefined","mid","SB","twistedEdwards","c","curveOpts","Field","nBitLength","_eddsa_legacy_opts_to_new","assign","ExtendedPoint","nByteLength","_eddsa_new_output_to_legacy"],"mappings":";;AAuCA,MAAMA,EAAMC,OAAO,GAAIC,EAAMD,OAAO,GAAIE,EAAMF,OAAO,GAAIG,EAAMH,OAAO,GAsKhE,SAAUI,EAAQC,EAAqBC,EAA8B,IACzE,MAAMC,EAAYC,EAAmB,UAAWH,EAAQC,EAAWA,EAAUG,SACvEC,GAAEA,EAAEC,GAAEA,GAAOJ,EACnB,IAAIK,EAAQL,EAAUK,MACtB,MAAQC,EAAGC,GAAaF,EACxBG,EAAgBT,EAAW,GAAI,CAAEU,QAAS,aAM1C,MAAMC,EAAOf,GAAQF,OAAkB,EAAXW,EAAGO,OAAajB,EACtCkB,EAAQC,GAAcV,EAAGW,OAAOD,GAGhCJ,EACJV,EAAUU,SAAO,EACfM,EAAWC,KACX,IACE,MAAO,CAAEC,SAAS,EAAMC,MAAOf,EAAGgB,KAAKhB,EAAGiB,IAAIL,EAAGC,IACnD,CAAE,MAAOK,GACP,MAAO,CAAEJ,SAAS,EAAOC,MAAO1B,EAClC,CACD,GAIH,IAnCF,SAAqBW,EAAoBE,EAAoBiB,EAAWC,GACtE,MAAMC,EAAKrB,EAAGsB,IAAIH,GACZI,EAAKvB,EAAGsB,IAAIF,GACZI,EAAOxB,EAAGyB,IAAIzB,EAAG0B,IAAIxB,EAAMyB,EAAGN,GAAKE,GACnCK,EAAQ5B,EAAGyB,IAAIzB,EAAG6B,IAAK7B,EAAG0B,IAAIxB,EAAM4B,EAAG9B,EAAG0B,IAAIL,EAAIE,KACxD,OAAOvB,EAAG+B,IAAIP,EAAMI,EACtB,CA6BOI,CAAYhC,EAAIE,EAAOA,EAAM+B,GAAI/B,EAAMgC,IAC1C,MAAM,IAAIC,MAAM,qCAMlB,SAASC,EAAOC,EAAe3B,EAAW4B,GAAU,GAGlD,OADAC,EAAS,cAAgBF,EAAO3B,EADpB4B,EAAU/C,EAAMF,EACYkB,GACjCG,CACT,CAEA,SAAS8B,EAAUC,GACjB,KAAMA,aAAiBC,GAAQ,MAAM,IAAIP,MAAM,yBACjD,CAGA,MAAMQ,EAAeC,EAAS,CAACC,EAAUC,KACvC,MAAMC,EAAEA,EAACC,EAAEA,EAACC,EAAEA,GAAMJ,EACdK,EAAML,EAAEK,MACJ,MAANJ,IAAYA,EAAKI,EAAMzD,EAAOO,EAAGmD,IAAIF,IACzC,MAAM9B,EAAIV,EAAKsC,EAAID,GACb1B,EAAIX,EAAKuC,EAAIF,GACbM,EAAKpD,EAAG0B,IAAIuB,EAAGH,GACrB,GAAII,EAAK,MAAO,CAAE/B,EAAG9B,EAAK+B,EAAG7B,GAC7B,GAAI6D,IAAO7D,EAAK,MAAM,IAAI4C,MAAM,oBAChC,MAAO,CAAEhB,IAAGC,OAERiC,EAAkBT,EAAUC,IAChC,MAAMlB,EAAEA,EAACG,EAAEA,GAAM5B,EACjB,GAAI2C,EAAEK,MAAO,MAAM,IAAIf,MAAM,mBAG7B,MAAMY,EAAEA,EAACC,EAAEA,EAACC,EAAEA,EAACK,EAAEA,GAAM
T,EACjBU,EAAK9C,EAAKsC,EAAIA,GACdS,EAAK/C,EAAKuC,EAAIA,GACdS,EAAKhD,EAAKwC,EAAIA,GACdS,EAAKjD,EAAKgD,EAAKA,GACfE,EAAMlD,EAAK8C,EAAK5B,GAGtB,GAFalB,EAAKgD,EAAKhD,EAAKkD,EAAMH,MACpB/C,EAAKiD,EAAKjD,EAAKqB,EAAIrB,EAAK8C,EAAKC,KACvB,MAAM,IAAIrB,MAAM,yCAIpC,GAFW1B,EAAKsC,EAAIC,KACTvC,EAAKwC,EAAIK,GACL,MAAM,IAAInB,MAAM,yCAC/B,OAAO,IAKT,MAAMO,EAeJkB,WAAAA,CAAYb,EAAWC,EAAWC,EAAWK,GAC3CO,KAAKd,EAAIX,EAAO,IAAKW,GACrBc,KAAKb,EAAIZ,EAAO,IAAKY,GACrBa,KAAKZ,EAAIb,EAAO,IAAKa,GAAG,GACxBY,KAAKP,EAAIlB,EAAO,IAAKkB,GACrBQ,OAAOC,OAAOF,KAChB,CAEA,YAAO3D,GACL,OAAOA,CACT,CAEA,iBAAO8D,CAAWnB,GAChB,GAAIA,aAAaH,EAAO,MAAM,IAAIP,MAAM,8BACxC,MAAMhB,EAAEA,EAACC,EAAEA,GAAMyB,GAAK,CAAA,EAGtB,OAFAT,EAAO,IAAKjB,GACZiB,EAAO,IAAKhB,GACL,IAAIsB,EAAMvB,EAAGC,EAAG7B,EAAKkB,EAAKU,EAAIC,GACvC,CAGA,gBAAO6C,CAAUC,EAAmBC,GAAS,GAC3C,MAAMC,EAAMpE,EAAGQ,OACTmB,EAAEA,EAACG,EAAEA,GAAM5B,EACjBgE,EAAQG,EAAUC,EAAOJ,EAAOE,EAAK,UACrCG,EAAMJ,EAAQ,UACd,MAAMK,EAASH,EAAUH,GACnBO,EAAWP,EAAME,EAAM,GAC7BI,EAAOJ,EAAM,IAAgB,IAAXK,EAClB,MAAMrD,EAAIsD,EAAgBF,GAMpBG,EAAMR,EAAS5D,EAAOP,EAAG4E,MAC/BrC,EAAS,UAAWnB,EAAG/B,EAAKsF,GAI5B,MAAMpD,EAAKd,EAAKW,EAAIA,GACdR,EAAIH,EAAKc,EAAKhC,GACdsB,EAAIJ,EAAKqB,EAAIP,EAAKI,GACxB,IAAIb,QAAEA,EAASC,MAAOI,GAAMb,EAAQM,EAAGC,GACvC,IAAKC,EAAS,MAAM,IAAIqB,MAAM,mCAC9B,MAAM0C,GAAU1D,EAAI5B,KAASA,EACvBuF,KAA4B,IAAXL,GACvB,IAAKN,GAAUhD,IAAM9B,GAAOyF,EAE1B,MAAM,IAAI3C,MAAM,4BAElB,OADI2C,IAAkBD,IAAQ1D,EAAIV,GAAMU,IACjCuB,EAAMsB,WAAW,CAAE7C,IAAGC,KAC/B,CACA,cAAO2D,CAAQb,EAAmBC,GAAS,GACzC,OAAOzB,EAAMuB,UAAUe,EAAY,QAASd,GAAQC,EACtD,CAEA,KAAIhD,GACF,OAAO0C,KAAKoB,WAAW9D,CACzB,CACA,KAAIC,GACF,OAAOyC,KAAKoB,WAAW7D,CACzB,CAEA8D,UAAAA,CAAWC,EAAqB,EAAGC,GAAS,GAG1C,OAFAC,EAAKC,YAAYzB,KAAMsB,GAClBC,GAAQvB,KAAK0B,SAAS/F,GACpBqE,IACT,CAGA2B,cAAAA,GACEnC,EAAgBQ,KAClB,CAGA4B,MAAAA,CAAOhD,GACLD,EAAUC,GACV,MAAQM,EAAG2C,EAAI1C,EAAG2C,EAAI1C,EAAG2C,GAAO/B,MACxBd,EAAGQ,EAAIP,EAAGQ,EAAIP,EAAGQ,GAAOhB,EAC1BoD,EAAOpF,EAAKiF,EAAKjC,GACjBqC,EAAOrF,EAAK8C,EAAKqC,GACjBG,EAAOtF,EAAKkF,EAAKlC,GACjBuC,EAAOvF,EAAK+C,EAAKoC,GACvB,OAAOC,
IAASC,GAAQC,IAASC,CACnC,CAEA9C,GAAAA,GACE,OAAOW,KAAK4B,OAAO/C,EAAMuD,KAC3B,CAEAC,MAAAA,GAEE,OAAO,IAAIxD,EAAMjC,GAAMoD,KAAKd,GAAIc,KAAKb,EAAGa,KAAKZ,EAAGxC,GAAMoD,KAAKP,GAC7D,CAKA6C,MAAAA,GACE,MAAMxE,EAAEA,GAAMzB,GACN6C,EAAG2C,EAAI1C,EAAG2C,EAAI1C,EAAG2C,GAAO/B,KAC1BuC,EAAI3F,EAAKiF,EAAKA,GACdW,EAAI5F,EAAKkF,EAAKA,GACdW,EAAI7F,EAAKjB,EAAMiB,EAAKmF,EAAKA,IACzBW,EAAI9F,EAAKkB,EAAIyE,GACbI,EAAOd,EAAKC,EACZc,EAAIhG,EAAKA,EAAK+F,EAAOA,GAAQJ,EAAIC,GACjCK,EAAIH,EAAIF,EACRM,EAAID,EAAIJ,EACRM,EAAIL,EAAIF,EACRQ,EAAKpG,EAAKgG,EAAIE,GACdG,EAAKrG,EAAKiG,EAAIE,GACdG,EAAKtG,EAAKgG,EAAIG,GACdI,EAAKvG,EAAKkG,EAAID,GACpB,OAAO,IAAIhE,EAAMmE,EAAIC,EAAIE,EAAID,EAC/B,CAKAtF,GAAAA,CAAIgB,GACFD,EAAUC,GACV,MAAMd,EAAEA,EAACG,EAAEA,GAAM5B,GACT6C,EAAG2C,EAAI1C,EAAG2C,EAAI1C,EAAG2C,EAAItC,EAAG2D,GAAOpD,MAC/Bd,EAAGQ,EAAIP,EAAGQ,EAAIP,EAAGQ,EAAIH,EAAG4D,GAAOzE,EACjC2D,EAAI3F,EAAKiF,EAAKnC,GACd8C,EAAI5F,EAAKkF,EAAKnC,GACd8C,EAAI7F,EAAKwG,EAAKnF,EAAIoF,GAClBX,EAAI9F,EAAKmF,EAAKnC,GACdgD,EAAIhG,GAAMiF,EAAKC,IAAOpC,EAAKC,GAAM4C,EAAIC,GACrCM,EAAIJ,EAAID,EACRI,EAAIH,EAAID,EACRM,EAAInG,EAAK4F,EAAI1E,EAAIyE,GACjBS,EAAKpG,EAAKgG,EAAIE,GACdG,EAAKrG,EAAKiG,EAAIE,GACdG,EAAKtG,EAAKgG,EAAIG,GACdI,EAAKvG,EAAKkG,EAAID,GACpB,OAAO,IAAIhE,EAAMmE,EAAIC,EAAIE,EAAID,EAC/B,CAEAI,QAAAA,CAAS1E,GACP,OAAOoB,KAAKpC,IAAIgB,EAAMyD,SACxB,CAGAX,QAAAA,CAAS6B,GAEP,IAAKnH,EAAGoH,YAAYD,GAAS,MAAM,IAAIjF,MAAM,8CAC7C,MAAMU,EAAEA,EAACyE,EAAEA,GAAMjC,EAAKkC,OAAO1D,KAAMuD,EAASvE,GAAM2E,EAAW9E,EAAOG,IACpE,OAAO2E,EAAW9E,EAAO,CAACG,EAAGyE,IAAI,EACnC,CAOAG,cAAAA,CAAeL,EAAgBM,EAAMhF,EAAMuD,MAEzC,IAAKhG,EAAGa,QAAQsG,GAAS,MAAM,IAAIjF,MAAM,8CACzC,OAAIiF,IAAW/H,EAAYqD,EAAMuD,KAC7BpC,KAAKX,OAASkE,IAAW7H,EAAYsE,KAClCwB,EAAKsC,OAAO9D,KAAMuD,EAASvE,GAAM2E,EAAW9E,EAAOG,GAAI6E,EAChE,CAMAE,YAAAA,GACE,OAAO/D,KAAK4D,eAAerH,GAAU8C,KACvC,CAIA2E,aAAAA,GACE,OAAOxC,EAAKsC,OAAO9D,KAAM3D,EAAMQ,GAAGwC,KACpC,CAIA+B,QAAAA,CAAS6C,GACP,OAAOnF,EAAakB,KAAMiE,EAC5B,CAEAC,aAAAA,GACE,OAAI3H,IAAab,EAAYsE,KACtBA,KAAK4D,eAAerH,EAC7B,CAEA4H,OAAAA,GACE,MAAM7G,EAAEA,EAACC,EAAEA,
GAAMyC,KAAKoB,WAEhBf,EAAQlE,EAAGgI,QAAQ5G,GAIzB,OADA8C,EAAMA,EAAM+D,OAAS,IAAM9G,EAAI5B,EAAM,IAAO,EACrC2E,CACT,CACAgE,KAAAA,GACE,OAAOC,EAAWtE,KAAKmE,UACzB,CAEAI,QAAAA,GACE,MAAO,UAAUvE,KAAKX,MAAQ,OAASW,KAAKqE,UAC9C,CAGA,MAAIG,GACF,OAAOxE,KAAKd,CACd,CACA,MAAIuF,GACF,OAAOzE,KAAKb,CACd,CACA,MAAIuF,GACF,OAAO1E,KAAKZ,CACd,CACA,MAAIuF,GACF,OAAO3E,KAAKP,CACd,CACA,iBAAOkE,CAAWiB,GAChB,OAAOjB,EAAW9E,EAAO+F,EAC3B,CACA,UAAOC,CAAID,EAAiBE,GAC1B,OAAOC,EAAUlG,EAAOzC,EAAIwI,EAAQE,EACtC,CACAE,cAAAA,CAAe1D,GACbtB,KAAKqB,WAAWC,EAClB,CACA2D,UAAAA,GACE,OAAOjF,KAAKmE,SACd,EArPgBtF,EAAAqG,KAAO,IAAIrG,EAAMxC,EAAM+B,GAAI/B,EAAMgC,GAAI3C,EAAKkB,EAAKP,EAAM+B,GAAK/B,EAAMgC,KAEhEQ,EAAAuD,KAAO,IAAIvD,EAAMrD,EAAKE,EAAKA,EAAKF,GAEhCqD,EAAA1C,GAAKA,EAEL0C,EAAAzC,GAAKA,EAiPvB,MAAMoF,EAAO,IAAI2D,EAAKtG,EAAOzC,EAAGgJ,MAEhC,OADAvG,EAAMqG,KAAK7D,WAAW,GACfxC,CACT,CAmHM,SAAUwG,EAAMxG,EAAyByG,EAAcC,EAAuB,CAAA,GAClF,GAAqB,mBAAVD,EAAsB,MAAM,IAAIhH,MAAM,qCACjD9B,EACE+I,EACA,GACA,CACEC,kBAAmB,WACnBC,YAAa,WACbC,OAAQ,WACRC,QAAS,WACTC,WAAY,aAIhB,MAAMD,QAAEA,GAAYJ,GACdL,KAAEA,EAAI/I,GAAEA,EAAEC,GAAEA,GAAOyC,EAEnB4G,EAAcF,EAAUE,aAAeI,EACvCL,EAAoBD,EAAUC,mBAAiB,CAAMnF,GAAsBA,GAC3EqF,EACJH,EAAUG,QAAM,EACdI,EAAkBC,EAAiBC,KAEnC,GADAtF,EAAMsF,EAAQ,UACVD,EAAI3B,QAAU4B,EAAQ,MAAM,IAAI1H,MAAM,uCAC1C,OAAOwH,CACR,GAGH,SAASG,EAAQC,GACf,OAAO9J,EAAGU,OAAO+D,EAAgBqF,GACnC,CAgBA,SAASC,EAAqBC,GAC5B,MAAMC,KAAEA,EAAIC,OAAEA,EAAM/C,OAAEA,GAdxB,SAA0BgD,GACxB,MAAMhG,EAAMiG,EAAQJ,UACpBG,EAAMpF,EAAY,cAAeoF,EAAKhG,GAGtC,MAAMkG,EAAStF,EAAY,qBAAsBmE,EAAMiB,GAAM,EAAIhG,GAC3D8F,EAAOb,EAAkBiB,EAAOC,MAAM,EAAGnG,IAG/C,MAAO,CAAE8F,OAAMC,OAFAG,EAAOC,MAAMnG,EAAK,EAAIA,GAEdgD,OADR0C,EAAQI,GAEzB,CAImCM,CAAiBP,GAC5CQ,EAAQ1B,EAAKxD,SAAS6B,GACtBsD,EAAaD,EAAMzC,UACzB,MAAO,CAAEkC,OAAMC,SAAQ/C,SAAQqD,QAAOC,aACxC,CAGA,SAASC,EAAaV,GACpB,OAAOD,EAAqBC,GAAWS,UACzC,CAGA,SAASE,EAAmBC,EAAeC,WAAWC,QAASC,GAC7D,MAAMC,EAAMC,KAAeF,GAC3B,OAAOlB,EAAQX,EAAMI,EAAO0B,EAAKjG,EAAY,UAAW6F,KAAYrB,IACtE,CAiBA,MAAM2B,EAAkD,CAAEhH,QAAQ,GAsClE,MAAMiH,EAAQpL,EAAGQ,MACX6J,EAAU,CACdJ,UA
AWmB,EACXC,UAAWD,EACXE,UAAW,EAAIF,EACfG,KAAMH,GAER,SAASI,EAAgBD,EAAOjC,EAAYe,EAAQkB,OAClD,OAAOjH,EAAOiH,EAAMlB,EAAQkB,KAAM,OACpC,CAgBA,MAAME,EAAQ,CACZzB,uBACAwB,kBACAE,iBAdF,SAA0BtB,GACxB,OAAOuB,EAAQvB,IAAQA,EAAInC,SAAWhI,EAAGO,KAC3C,EAaEoL,iBAZF,SAA0BxB,EAAiBjG,GACzC,IACE,QAASzB,EAAMuB,UAAUmG,EAAKjG,EAChC,CAAE,MAAO0H,GACP,OAAO,CACT,CACF,EAgBEC,YAAAA,CAAaT,GACX,MAAMjK,EAAEA,GAAMsB,EAAMuB,UAAUoH,GACxBU,EAAO1B,EAAQgB,UACfW,EAAmB,KAATD,EAChB,IAAKC,GAAoB,KAATD,EAAa,MAAM,IAAI5J,MAAM,kCAC7C,MAAMvB,EAAIoL,EAAUhM,EAAGiB,IAAI1B,EAAM6B,EAAG7B,EAAM6B,GAAKpB,EAAGiB,IAAIG,EAAI7B,EAAK6B,EAAI7B,GACnE,OAAOS,EAAGgI,QAAQpH,EACpB,EAEAqL,kBAAAA,CAAmBhC,GACjB,MAAM8B,EAAO1B,EAAQJ,UACrB3F,EAAO2F,EAAW8B,GAClB,MAAMzB,EAASnB,EAAMc,EAAUiC,SAAS,EAAGH,IAC3C,OAAO1C,EAAkBiB,GAAQ4B,SAAS,EAAGH,EAC/C,EAGAI,iBAAkBX,EAElBtG,WAAUA,CAACC,EAAa,EAAGsF,EAAsB/H,EAAMqG,OAC9C0B,EAAMvF,WAAWC,GAAY,IAIxC,OAAOrB,OAAOC,OAAO,CACnBqI,OAtDF,SAAgBb,GACd,MAAMtB,EAAYwB,EAAMD,gBAAgBD,GACxC,MAAO,CAAEtB,YAAWoB,UAAWV,EAAaV,GAC9C,EAoDEU,eACA0B,KAtHF,SAAcpB,EAAUhB,EAAgBqC,EAA6B,CAAA,GACnErB,EAAMjG,EAAY,UAAWiG,GACzBzB,IAASyB,EAAMzB,EAAQyB,IAC3B,MAAMd,OAAEA,EAAM/C,OAAEA,EAAMsD,WAAEA,GAAeV,EAAqBC,GACtDsC,EAAI3B,EAAmB0B,EAAQzB,QAASV,EAAQc,GAChDuB,EAAIzD,EAAKxD,SAASgH,GAAGvE,UACrByE,EAAI7B,EAAmB0B,EAAQzB,QAAS2B,EAAG9B,EAAYO,GACvDyB,EAAIzM,EAAGU,OAAO4L,EAAIE,EAAIrF,GAC5B,IAAKnH,EAAGa,QAAQ4L,GAAI,MAAM,IAAIvK,MAAM,0BACpC,MAAMwK,EAAKzB,EAAYsB,EAAGvM,EAAG+H,QAAQ0E,IACrC,OAAOpI,EAAOqI,EAAItC,EAAQiB,UAAW,SACvC,EA4GEsB,OAnGF,SAAgBC,EAAU5B,EAAUI,EAAgBiB,EAAUnB,GAC5D,MAAMN,QAAEA,EAAO1G,OAAEA,GAAWmI,EACtBlI,EAAMiG,EAAQiB,UACpBuB,EAAM7H,EAAY,YAAa6H,EAAKzI,GACpC6G,EAAMjG,EAAY,UAAWiG,GAC7BI,EAAYrG,EAAY,YAAaqG,EAAWhB,EAAQgB,gBACzCyB,IAAX3I,GAAsBI,EAAMJ,EAAQ,UACpCqF,IAASyB,EAAMzB,EAAQyB,IAE3B,MAAM8B,EAAM3I,EAAM,EACZmI,EAAIM,EAAIX,SAAS,EAAGa,GACpBL,EAAIhI,EAAgBmI,EAAIX,SAASa,EAAK3I,IAC5C,IAAIgC,EAAGoG,EAAGQ,EACV,IAIE5G,EAAI1D,EAAMuB,UAAUoH,EAAWlH,GAC/BqI,EAAI9J,EAAMuB,UAAUsI,EAAGpI,GACvB6I,EAAKjE,EAAKtB,eAAeiF,EAC3B,CAAE,MAAOb,GACP,OAAO,CACT,CACA,
IAAK1H,GAAUiC,EAAEwB,eAAgB,OAAO,EAExC,MAAM6E,EAAI7B,EAAmBC,EAAS2B,EAAExE,UAAW5B,EAAE4B,UAAWiD,GAIhE,OAHYuB,EAAE/K,IAAI2E,EAAEqB,eAAegF,IAGxBtF,SAAS6F,GAAIjF,gBAAgB7E,KAC1C,EAsEEuI,QACA/I,QACA2H,WAEJ,CAoEM,SAAU4C,EAAeC,GAC7B,MAAMhN,MAAEA,EAAKiN,UAAEA,EAASpD,KAAEA,EAAIX,UAAEA,GAlClC,SAAmC8D,GACjC,MAAMhN,EAAqB,CACzByB,EAAGuL,EAAEvL,EACLG,EAAGoL,EAAEpL,EACLe,EAAGqK,EAAElN,GAAG4E,MACRlE,EAAGwM,EAAExM,EACLP,EAAG+M,EAAE/M,EACL8B,GAAIiL,EAAEjL,GACNC,GAAIgL,EAAEhL,IAIFiL,EAA8B,CAAEnN,GAF3BkN,EAAElN,GAE6BC,GAD/BmN,EAAMlN,EAAMQ,EAAGwM,EAAEG,YAAY,GACM/M,QAAS4M,EAAE5M,SACnD8I,EAAuB,CAC3BE,YAAa4D,EAAE5D,YACfD,kBAAmB6D,EAAE7D,kBACrBE,OAAQ2D,EAAE3D,OACVC,QAAS0D,EAAE1D,QACXC,WAAYyD,EAAEzD,YAEhB,MAAO,CAAEvJ,QAAOiN,YAAWpD,KAAMmD,EAAEnD,KAAMX,YAC3C,CAagDkE,CAA0BJ,GAGxE,OAfF,SAAqCA,EAAwBhE,GAC3D,MAAMxG,EAAQwG,EAAMxG,MAOpB,OANeoB,OAAOyJ,OAAO,CAAA,EAAIrE,EAAO,CACtCsE,cAAe9K,EACfxC,MAAOgN,EACPG,WAAY3K,EAAMzC,GAAGgJ,KACrBwE,YAAa/K,EAAMzC,GAAGO,OAG1B,CAMSkN,CAA4BR,EADrBhE,EADAxJ,EAAQQ,EAAOiN,GACFpD,EAAMX,GAEnC","x_google_ignoreList":[0]}
|
|
@@ -1,4 +1,4 @@
|
|
|
1
|
-
import{
|
|
1
|
+
import{bytesToNumberLE as t,bytesToNumberBE as e,numberToBytesLE as n,numberToBytesBE as r,bitMask as o,_validateObject as i}from"../utils.js";import{anumber as s}from"../../../hashes/esm/utils.js";
|
|
2
2
|
/*! noble-curves - MIT License (c) 2022 Paul Miller (paulmillr.com) */
|
|
3
|
-
const
|
|
3
|
+
const l=BigInt(0),u=BigInt(1),f=BigInt(2),c=BigInt(3),d=BigInt(4),w=BigInt(5),g=BigInt(7),m=BigInt(8),E=BigInt(9),a=BigInt(16);function h(t,e){const n=t%e;return n>=l?n:e+n}function q(t,e,n){let r=t;for(;e-- >l;)r*=r,r%=n;return r}function p(t,e){if(t===l)throw new Error("invert: expected non-zero number");if(e<=l)throw new Error("invert: expected positive modulus, got "+e);let n=h(t,e),r=e,o=l,i=u;for(;n!==l;){const t=r%n,e=o-i*(r/n);r=n,n=t,o=i,i=e}if(r!==u)throw new Error("invert: does not exist");return h(o,e)}function B(t,e,n){if(!t.eql(t.sqr(e),n))throw new Error("Cannot find square root")}function O(t,e){const n=(t.ORDER+u)/d,r=t.pow(e,n);return B(t,r,e),r}function b(t,e){const n=(t.ORDER-w)/m,r=t.mul(e,f),o=t.pow(r,n),i=t.mul(e,o),s=t.mul(t.mul(i,f),o),l=t.mul(i,t.sub(s,t.ONE));return B(t,l,e),l}function v(t){if(t<c)throw new Error("sqrt is not defined for small field");let e=t-u,n=0;for(;e%f===l;)e/=f,n++;let r=f;const o=T(t);for(;1===S(o,r);)if(r++>1e3)throw new Error("Cannot find square root: probably non-prime P");if(1===n)return O;let i=o.pow(r,e);const s=(e+u)/f;return function(t,r){if(t.is0(r))return r;if(1!==S(t,r))throw new Error("Cannot find square root");let o=n,l=t.mul(t.ONE,i),f=t.pow(r,e),c=t.pow(r,s);for(;!t.eql(f,t.ONE);){if(t.is0(f))return t.ZERO;let e=1,n=t.sqr(f);for(;!t.eql(n,t.ONE);)if(e++,n=t.sqr(n),e===o)throw new Error("Cannot find square root");const r=u<<BigInt(o-e-1),i=t.pow(l,r);o=e,l=t.sqr(i),f=t.mul(f,l),c=t.mul(c,i)}return c}}function y(t){return t%d===c?O:t%m===w?b:t%a===E?function(t){const e=T(t),n=v(t),r=n(e,e.neg(e.ONE)),o=n(e,r),i=n(e,e.neg(r)),s=(t+g)/a;return(t,e)=>{let n=t.pow(e,s),l=t.mul(n,r);const u=t.mul(n,o),f=t.mul(n,i),c=t.eql(t.sqr(l),e),d=t.eql(t.sqr(u),e);n=t.cmov(n,l,c),l=t.cmov(f,u,d);const w=t.eql(t.sqr(l),e),g=t.cmov(n,l,w);return B(t,g,e),g}}(t):v(t)}const R=(t,e)=>(h(t,e)&u)===u,N=["create","isValid","is0","neg","inv","sqrt","sqr","eql","add","sub","mul","pow","div","addN","subN","mulN","sqrN"];function 
I(t){const e=N.reduce((t,e)=>(t[e]="function",t),{ORDER:"bigint",MASK:"bigint",BYTES:"number",BITS:"number"});return i(t,e),t}function x(t,e,n){if(n<l)throw new Error("invalid exponent, negatives unsupported");if(n===l)return t.ONE;if(n===u)return e;let r=t.ONE,o=e;for(;n>l;)n&u&&(r=t.mul(r,o)),o=t.sqr(o),n>>=u;return r}function L(t,e,n=!1){const r=new Array(e.length).fill(n?t.ZERO:void 0),o=e.reduce((e,n,o)=>t.is0(n)?e:(r[o]=e,t.mul(e,n)),t.ONE),i=t.inv(o);return e.reduceRight((e,n,o)=>t.is0(n)?e:(r[o]=t.mul(e,r[o]),t.mul(e,n)),i),r}function S(t,e){const n=(t.ORDER-u)/f,r=t.pow(e,n),o=t.eql(r,t.ONE),i=t.eql(r,t.ZERO),s=t.eql(r,t.neg(t.ONE));if(!o&&!i&&!s)throw new Error("invalid Legendre symbol result");return o?1:i?0:-1}function D(t,e){void 0!==e&&s(e);const n=void 0!==e?e:t.toString(2).length;return{nBitLength:n,nByteLength:Math.ceil(n/8)}}function T(i,s,f=!1,c={}){if(i<=l)throw new Error("invalid field: expected ORDER > 0, got "+i);let d,w,g,m=!1;if("object"==typeof s&&null!=s){if(c.sqrt||f)throw new Error("cannot specify opts in two arguments");const t=s;t.BITS&&(d=t.BITS),t.sqrt&&(w=t.sqrt),"boolean"==typeof t.isLE&&(f=t.isLE),"boolean"==typeof t.modFromBytes&&(m=t.modFromBytes),g=t.allowedLengths}else"number"==typeof s&&(d=s),c.sqrt&&(w=c.sqrt);const{nBitLength:E,nByteLength:a}=D(i,d);if(a>2048)throw new Error("invalid field: expected ORDER of <= 2048 bytes");let q;const B=Object.freeze({ORDER:i,isLE:f,BITS:E,BYTES:a,MASK:o(E),ZERO:l,ONE:u,allowedLengths:g,create:t=>h(t,i),isValid:t=>{if("bigint"!=typeof t)throw new Error("invalid field element: expected bigint, got "+typeof t);return 
l<=t&&t<i},is0:t=>t===l,isValidNot0:t=>!B.is0(t)&&B.isValid(t),isOdd:t=>(t&u)===u,neg:t=>h(-t,i),eql:(t,e)=>t===e,sqr:t=>h(t*t,i),add:(t,e)=>h(t+e,i),sub:(t,e)=>h(t-e,i),mul:(t,e)=>h(t*e,i),pow:(t,e)=>x(B,t,e),div:(t,e)=>h(t*p(e,i),i),sqrN:t=>t*t,addN:(t,e)=>t+e,subN:(t,e)=>t-e,mulN:(t,e)=>t*e,inv:t=>p(t,i),sqrt:w||(t=>(q||(q=y(i)),q(B,t))),toBytes:t=>f?n(t,a):r(t,a),fromBytes:(n,r=!0)=>{if(g){if(!g.includes(n.length)||n.length>a)throw new Error("Field.fromBytes: expected "+g+" bytes, got "+n.length);const t=new Uint8Array(a);t.set(n,f?0:t.length-n.length),n=t}if(n.length!==a)throw new Error("Field.fromBytes: expected "+a+" bytes, got "+n.length);let o=f?t(n):e(n);if(m&&(o=h(o,i)),!r&&!B.isValid(o))throw new Error("invalid field element: outside of range 0..ORDER");return o},invertBatch:t=>L(B,t),cmov:(t,e,n)=>n?e:t});return Object.freeze(B)}export{T as Field,L as FpInvertBatch,S as FpLegendre,x as FpPow,y as FpSqrt,p as invert,R as isNegativeLE,h as mod,D as nLength,q as pow2,v as tonelliShanks,I as validateField};
|
|
4
4
|
//# sourceMappingURL=modular.js.map
|